cjoint

Document format: text/plain

~ Relatório do ZHPDiag v2015.5.25.52 - Nicolas Coolman (25/05/2015)
~ Iniciado por Família (26/05/2015 23:07:50)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Endereço do Webforum : http://forum.nicolascoolman.fr
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Desativado pelo Utilizador
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by program


---\\ Navegadores Internet
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 37.0.2
GCIE: Google Chrome v43.0.2357.81 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
Windows 7 Ultimate, 32-bit (Build 7600)

---\\ Softwares de proteçao do sistema
Microsoft Security Client v4.8.0204.0
Windows Defender W7 (Deactivate)

---\\ Softwares d'optimização do sistema
CCleaner v4.03

---\\ Softwares de partilha do PeerToPeer (P2P)
Pando Media Booster v2.6.0.2
Vuze Remote Toolbar v6.9.0.16 =>P2P.Azureus

---\\ Monitoramento dos softwares
Adobe Flash Player 11 ActiveX
Adobe Reader X

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 37 Stepping 5, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2996 MB (47% free)
System Restore: Activé (Enable)
System drive C: has 13 GB (22%) free of 59 GB

---\\ Modo de conexão ao sistema
~ Computer Name: FAMÍLIA-PC
~ User Name: Família
~ All Users Names: HomeGroupUser$, Família, Convidado, Administrador,
~ Unselected Option: None
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Família\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Família\AppData\Roaming\
~ %Desktop% : C:\Users\Família\Desktop\
~ %Favorites% : C:\Users\Família\Favorites\
~ %LocalAppData% : C:\Users\Família\AppData\Local\
~ %StartMenu% : C:\Users\Família\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 13 Go of 59 Go)
D: Hard drive, Flash drive, Thumb drive (Free 415 Go of 537 Go)
E: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Security Center: 50 Scanned in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.2626FC9755BE22F805D3CFA0CE3EE727] - (.Microsoft Corporation - Windows Explorer.) (.31/10/2009 - 02:45:39.) -- C:\Windows\Explorer.exe [2614272]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.CFD26829131439B71D0109F9D5345573] - (.Microsoft Corporation - Internet Extensions para Win32.) (.30/06/2014 - 09:33:34.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.37CDB7E72EB66BA85A87CBE37E7F03FD] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.28/10/2009 - 03:17:59.) -- C:\Windows\System32\Winlogon.exe [285696]
[MD5.58C94EAE54BF0C5E2B80B2E5E7744D4C] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.13/07/2009 - 22:16:15.) -- C:\Windows\System32\sppcomapi.dll [193024]
[MD5.0DB7A48388D54D154EBEC120461A0FCD] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.24/04/2011 - 23:35:40.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BA6E70AA0E6091BC39DE29477D866A77] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/07/2009 - 20:11:26.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.83D1ECEA8FAAE75604C0FA49AC7AD996] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26/04/2011 - 23:33:46.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.13/07/2009 - 20:50:56.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.CA7570E42522E24324A12161DB14EC02] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.03/05/2011 - 23:43:41.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123392]
[MD5.DD52A733BF4CA5AF84562A5E2F963B91] - (.Microsoft Corporation - MBT Transport driver.) (.13/07/2009 - 20:12:21.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.A8F59428E9F361C7AC42A94AC1560BC9] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 10:58:11.) -- C:\Windows\system32\Drivers\ntfs.sys [1210728]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.C5FF95883FFEF704D50C40D21CFB3AB5] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/07/2009 - 21:02:58.) -- C:\Windows\system32\Drivers\rdpdr.sys [133120]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.CB39E896A2A83702D1737BFD402B3542] - (.Microsoft Corporation - TDI Translation Driver.) (.13/07/2009 - 20:12:11.) -- C:\Windows\system32\Drivers\tdx.sys [74240]
[MD5.59F06B4968E58BC83DFC56CA4517960E] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.06/09/2012 - 13:48:29.) -- C:\Windows\system32\Drivers\volsnap.sys [245616]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 3/157
~ Mes musiques (My Musics) : 4/79
~ Mes Favoris (My Favorites) : 1/17
~ Mes Documents (My Documents) : 3/38
~ Mon Bureau (My Desktop) : 3/76
~ Menu demarrer (Programs) : 1/51
~ Hidden Files: Scanned in 00mn 00s



---\\ Processos lançados
[MD5.5EA288E0410347787485791DC862576B] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [142680] [PID.3708]
[MD5.390EC1BB6A4C4F32934F0D1D1388C942] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [176472] [PID.3716]
[MD5.14019000FD1B32286B34BA7E7958D9C3] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [175448] [PID.3732]
[MD5.47EA5F76FAB723C61AB4A0D79BAD512C] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176] [PID.3756]
[MD5.0E34B7BB1FCF22BCC1E394D16F9E992B] - (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040] [PID.3920]
[MD5.6ECC8A2B5780B31D7FD0A88F8424262B] - (.ManyCam LLC - ManyCam Virtual Webcam.) -- C:\Program Files\ManyCam\Bin\ManyCam.exe [5399888] [PID.2620]
[MD5.3F03AC51CE406AE04902BF239EE4F8F8] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\Família\AppData\Roaming\Dropbox\bin\Dropbox.exe [43374104] [PID.1132]
[MD5.C4EF32C1C0473392EF4204890AF8E457] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [813896] [PID.1120]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53784] [PID.3808]
[MD5.F6B0935B23E3C5B54DF33D3C180CA063] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8211968] [PID.6004]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Família\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Pasta de extensão do Google Chrome
G2 - EXT: C:\Users\Família\AppData\Local\Google\Chrome\User Data\Default\Extensions\agpgpfncmphkckngffgckamkjhiocobn [Kryptonita Quebra Link]
G2 - EXT: C:\Users\Família\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [__MSG_appName__]
G2 - EXT: C:\Users\Família\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [__MSG_appName__]
G2 - EXT: C:\Users\Família\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgojaaaiddhmiiakpejiklijbalpckih [Smiley Bar for Facebook] =>Adware.SmileyBar
G2 - EXT: C:\Users\Família\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigmoblgooahdmdibodmcnffgnejlndh [__MSG_extName__]
G2 - EXT: C:\Users\Família\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [Google Play]
G2 - EXT: C:\Users\Família\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [Chrome Hotword Shared Module]
G2 - EXT: C:\Users\Família\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [__MSG_APP_NAME__]
G2 - EXT: C:\Users\Família\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk [Vuze Remote] =>P2P.Azureus
~ Google Lines Browser: 18 Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
M0 - MFSP: prefs.js [Família - 4h8m5dfx.default] www.321oyun.com
M2 - MFEP: Extension [Família - 4h8m5dfx.default] 67314b39-24e6-4f05-99f3-3f88c7cddd17@6c5fa560-13a3-4d42-8e90-53d9930111f9.com
P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\bing.xml
P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\buscape.xml
P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\ddg.xml
P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\google.xml
P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\mercadolivre.xml
P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\twitter.xml
P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\wikipedia-br.xml
P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\yahoo-br.xml
P2 - FPN: [HKLM] [@java.com/DTPlugin,version=10.25.2] - (.Oracle Corporation - NPRuntime Script Plug-in Library for Java(TM) Deploy.) -- C:\Windows\system32\npDeployJava1.dll
P2 - FPN: [HKLM] [@java.com/JavaPlugin,version=11.45.2] - (.Oracle Corporation - Next Generation Java Plug-in 11.45.2 for Mozilla browsers.) -- C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 5.1.40416.0.) -- C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll
P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=15.4.3502.0922] - (.Microsoft Corporation - NPWLPG.) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=15.4.3555.0308] - (.Microsoft Corporation - NPWLPG.) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
P2 - FPN: [HKLM] [@pandonetworks.com/PandoWebPlugin] - (.Pando Networks - Pando Web Plugin.) -- C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll
P2 - FPN: [HKLM] [Adobe Reader] - (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.1.10.) -- C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
P2 - FPN: [HKCU] [@Skype Limited.com/Facebook Video Calling Plugin] - (.Skype Limited - Facebook Video Calling Plugin.) -- C:\Users\Família\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
P2 - FPN: [HKCU] [@unity3d.com/UnityPlayer,version=1.0] - (.Unity Technologies ApS - Unity Player 4.1.2f1.) -- C:\Users\Família\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Família\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
P2 - FPN: [HKCU] [pandonetworks.com/PandoWebPlugin] - (.Pando Networks - Pando Web Plugin.) -- C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
~ Firefox Browser: 31 Scanned in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.321oyun.com
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.321oyun.com
R0 - HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer\Main,Start Page = www.321oyun.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com =>Hijacker.OmigaPlus
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.321oyun.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com =>Hijacker.OmigaPlus
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com =>Hijacker.OmigaPlus
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.321oyun.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com =>Hijacker.OmigaPlus
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} . (.Pando Networks - Pando Web Plugin.) (No version) -- (.not file.) =>P2P.Azureus
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Pando Networks - Pando Web Plugin.) (No version) -- (.not file.)
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 0
~ IE Browser: 15 Scanned in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:8080
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File: Scanned in 00mn 00s



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: CrossriderApp0033906 - {11111111-1111-1111-1111-110311391106} . (.VisualBee - VisualBee BHO.) -- C:\Program Files\VisualBee\VisualBee-bho.dll =>PUP.CrossRider
O2 - BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} . (.Thinknice Co. Limited - SupTab setup package.) -- C:\Program Files\XTab\SupTab.dll =>PUP.SupTab
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} . (.Microsoft Corporation - GrooveShellExtensions Module.) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} . (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Smiley Bar for Facebook - {944FEDFD-C4FD-441D-8275-9C651A9FFBDE} . (.Status Winks - ScriptHost.) -- C:\Program Files\Smiley Bar for Facebook\ScriptHost.dll =>Adware.SmileyBar
O2 - BHO: Vuze Remote - {ba14329e-9550-4989-b3f2-9732e92d17cc} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\Vuze_Remote\prxtbVuze.dll =>Toolbar.Conduit
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll
~ BHO: 18 Scanned in 00mn 00s



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: Vuze Remote Toolbar - [HKLM]{ba14329e-9550-4989-b3f2-9732e92d17cc} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\Vuze_Remote\prxtbVuze.dll =>Toolbar.Conduit
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{BA14329E-9550-4989-B3F2-9732E92D17CC} Chave orfã
~ Toolbar: Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\Program [Public]: Vuze.lnk . (.Azureus Software, Inc - No Comment.) -- C:\Program Files\Vuze\Azureus.exe =>P2P.Azureus
O4 - GS\QuickLaunch [Família]: Vuze.lnk . (.Azureus Software, Inc - No Comment.) -- C:\Program Files\Vuze\Azureus.exe =>P2P.Azureus
~ Global Startup: 2 Scanned in 00mn 02s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- C:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKCU\..\Run: [WinThemePack Logon] . (.WinThemePack.com - Tweak Planets Logon Screen.) -- C:\Program Files\WinThemePack\Planets Logon Screen\tweak.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Família\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [ManyCam] . (.ManyCam LLC - ManyCam Virtual Webcam.) -- C:\Program Files\ManyCam\Bin\ManyCam.exe
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_0A24D40724EC3DD97A400ED691B1BD82] . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Família\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3393474704-3534948117-546226987-1000\..\Run: [WinThemePack Logon] . (.WinThemePack.com - Tweak Planets Logon Screen.) -- C:\Program Files\WinThemePack\Planets Logon Screen\tweak.exe
O4 - HKUS\S-1-5-21-3393474704-3534948117-546226987-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Família\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-3393474704-3534948117-546226987-1000\..\Run: [ManyCam] . (.ManyCam LLC - ManyCam Virtual Webcam.) -- C:\Program Files\ManyCam\Bin\ManyCam.exe
O4 - HKUS\S-1-5-21-3393474704-3534948117-546226987-1000\..\Run: [GoogleChromeAutoLaunch_0A24D40724EC3DD97A400ED691B1BD82] . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - HKUS\S-1-5-21-3393474704-3534948117-546226987-1000\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Família\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Application: Scanned in 00mn 00s



---\\ Icones das opções IE invisiveis no painel das configurações (05)
O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no
~ IE Control Panel: 1 Scanned in 00mn 00s



---\\ Restrição do acesso a opções pelo Administrador (06)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel présent
~ IE Restrictions: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Provedor de serviços do Microsoft Windows Sockets 2.0.) -- C:\Windows\system32\mswsock.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Provedor de Correção de Nomeação de Emails.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.dll =>.Microsoft Corporation
O10 - WLSP:\000000000008\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.dll =>.Microsoft Corporation
~ Winsock: 8 Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bb.com.br
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{C94C0808-BD4D-4780-B061-46C648DB4B3B}: NameServer = 200.175.182.139,200.175.5.139
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8212E24-F19E-4CE6-AF86-7CD1F6AEF76F}: DhcpNameServer = 192.168.43.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{C94C0808-BD4D-4780-B061-46C648DB4B3B}: NameServer = 200.175.182.139,200.175.5.139
O17 - HKLM\System\CS1\Services\Tcpip\..\{E8212E24-F19E-4CE6-AF86-7CD1F6AEF76F}: DhcpNameServer = 192.168.43.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{C94C0808-BD4D-4780-B061-46C648DB4B3B}: NameServer = 200.175.182.139,200.175.5.139
O17 - HKLM\System\CS2\Services\Tcpip\..\{E8212E24-F19E-4CE6-AF86-7CD1F6AEF76F}: DhcpNameServer = 192.168.43.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.43.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - C:\Program Files\SupTab\SEARCH~1.dll (.not file.) =>PUP.SupTab
~ AppInit DLL: Scanned in 00mn 00s



---\\ Chave do Registo autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
~ SSODL: 1 Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: CodeMeter Runtime Server (CodeMeter.exe) . (.WIBU-SYSTEMS AG - CodeMeter Runtime Server.) - C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) . (.Google Inc. - Google Installer.) - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) . (.Intel Corporation - RAID Monitor.) - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: IHProtect Service (IHProtect Service) . (.XTab system - ProtectSvc.exe.) - C:\Program Files\XTab\ProtectService.exe =>Adware.AgentODR
O23 - Service: MyLocalService (MyLocalService) . (...) - C:\Windows\system32\MyLocalServer\myservice.exe
O23 - Service: NTServiceSystem (NTServiceSystem) . (...) - C:\Windows\system32\NTServer\service.exe
O23 - Service: Online Games Manager (ogmservice) . (.RealNetworks, Inc. - Online Games Manager.) - C:\Program Files\Online Games Manager\ogmservice.exe
O23 - Service: Orolix Device Monitor (OrolixDeviceMonitor) . (.Orolix Desenvolvimento de Software LTDA. - USB Device monitor.) - C:\Program Files\TIM Communicator\module\devicemon.exe
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: WindowsMangerProtect Service (WindowsMangerProtect) . (.SysTool PasSame LIMITED - Windows SysTool Svr.) - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe =>PUP.Fuyu
~ Services: 12 Scanned in 00mn 02s



---\\ Enumeração Ativa do Ambiente de trabalho & Editor MHTML (024)
O24 - Default MHTML Editor: Last - .(...) - (.not file.)
~ Desktop Component: 4 Scanned in 00mn 00s



---\\ Listagem dos dados do BootExecute (Bex) (034)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
~ BEX: 1 Scanned in 00mn 00s



---\\ Tarefas planificadas automaticamente (039)
[MD5.9915504F602D277EE47FD843A677FD15] [APT] [Adobe Flash Player Updater] (.Adobe Systems Incorporated.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [256904]
[MD5.4999625054FFA2AFFCAFD085C1218307] [APT] [CCleanerSkipUAC] (.Piriform Ltd.) -- C:\Program Files\CCleaner\CCleaner.exe [3611416]
[MD5.00000000000000000000000000000000] [APT] [DealPly] (...) -- C:\Users\Família\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.exe (.not file.) [0] =>PUP.DealPly
[MD5.2A3FB4C98F139038E23330D2439DB8A4] [APT] [FacebookUpdateTaskUserS-1-5-21-3393474704-3534948117-546226987-1000Core] (.Facebook Inc..) -- C:\Users\Família\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096]
[MD5.2A3FB4C98F139038E23330D2439DB8A4] [APT] [FacebookUpdateTaskUserS-1-5-21-3393474704-3534948117-546226987-1000UA] (.Facebook Inc..) -- C:\Users\Família\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096]
[MD5.51508F0C2476177E50C31B0BBFBF1BDB] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe [107912]
[MD5.51508F0C2476177E50C31B0BBFBF1BDB] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe [107912]
[MD5.EFB437D5DEB333C698E85D4912B7872D] [APT] [HPCustParticipation HP Deskjet 3050 J610 series] (.Hewlett-Packard Co..) -- C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2485096]
[MD5.7542E0053D5880D29A8CB55D0BC58282] [APT] [VisualBee-codedownloader] (.VisualBee.) -- C:\Program Files\VisualBee\VisualBee-codedownloader.exe [478424] =>Adware.VisualBeeToolbar
[MD5.B47F5498DEA045DB0E949BE1732DA4E5] [APT] [VisualBee-firefoxinstaller] (.VisualBee.) -- C:\Program Files\VisualBee\VisualBee-firefoxinstaller.exe [724184] =>Adware.VisualBeeToolbar
[MD5.18DF52E6A33574CBB645CDD74DD362FD] [APT] [VisualBee-updater] (.VisualBee.) -- C:\Program Files\VisualBee\VisualBee-updater.exe [363736] =>Adware.VisualBeeToolbar
[MD5.00000000000000000000000000000000] [APT] [{06E39EDE-FF55-4ACD-A1A4-057582CAF922}] (...) -- C:\Users\Família\Downloads\Tony Hawks Underground 2.By.ColdFire\Install.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{07CE9C41-8D71-4F38-831B-E30BAEDEB75B}] (...) -- C:\Users\Família\Desktop\rkfree_setup_1.4.exe (.not file.) [0] =>Keylogger.Logixoft
[MD5.00000000000000000000000000000000] [APT] [{18270EB3-F0A3-493B-8C96-307A7FF9077C}] (...) -- C:\Users\Família\Downloads\Shank_2 creed1994\Shank_2-ALI213\__Installer\vc\vc2008sp1\redist\vcredist_x64.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{2B4B6725-08DD-4F33-BF92-770A5F74CF7C}] (...) -- C:\Users\Família\AppData\Roaming\omiga-plus\UninstallManager.exe (.not file.) [0] =>Hijacker.OmigaPlus
[MD5.00000000000000000000000000000000] [APT] [{2F6088BA-46AC-4E03-ACC1-3A8FCF91CDC4}] (...) -- E:\QuickTimeInstaller.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{35E32D24-76DA-4F53-A894-9BDE6C0DB568}] (...) -- C:\Program Files\Popcorn Time\PopcornTimeDesktop.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{3BA0FE1C-AF7C-48FE-A308-1DD22B25E89A}] (...) -- C:\Users\Família\Desktop\Chiave Setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{3EE9975C-8DD4-4776-9E4C-DE78F811E801}] (...) -- C:\Users\Família\Desktop\lightloggersetup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{47B1C501-2CAE-4395-80ED-973426154341}] (...) -- C:\Program Files\Popcorn Time\PopcornTimeDesktop.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{56B2A4B8-5A44-4919-A74D-67116EDCF105}] (...) -- E:\autorun.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{BFC5869B-4E1C-454E-AD6D-8CC2717D9656}] (...) -- E:\Setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{CF61DBD9-7AD3-4973-B497-E2BC77FC1902}] (...) -- C:\Program Files\Popcorn Time\PopcornTimeDesktop.exe (.not file.) [0]
[MD5.2E3CD4B7B42D5D231F8DA2EBC3988121] [APT] [{FADCEA66-4096-44ED-85EE-81083825E807}] (...) -- C:\Program Files\LG Electronics\LG Bluetooth Drivers\UninstallShld.exe [69632]
O39 - APT: Adobe Flash Player Updater - (.Adobe Systems Incorporated.) -- C:\Windows\Tasks\Adobe Flash Player Updater.job [902]
O39 - APT: Adobe Flash Player Updater - (.Adobe Systems Incorporated.) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: FacebookUpdateTaskUserS-1-5-21-3393474704-3534948117-546226987-1000Core - (.Facebook Inc..) -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3393474704-3534948117-546226987-1000Core.job [914]
O39 - APT: FacebookUpdateTaskUserS-1-5-21-3393474704-3534948117-546226987-1000Core - (.Facebook Inc..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3393474704-3534948117-546226987-1000Core [914]
O39 - APT: FacebookUpdateTaskUserS-1-5-21-3393474704-3534948117-546226987-1000UA - (.Facebook Inc..) -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3393474704-3534948117-546226987-1000UA.job [936]
O39 - APT: FacebookUpdateTaskUserS-1-5-21-3393474704-3534948117-546226987-1000UA - (.Facebook Inc..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3393474704-3534948117-546226987-1000UA [936]
O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [1054]
O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1054]
O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [1058]
O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1058]
O39 - APT: VisualBee-codedownloader - (.VisualBee.) -- C:\Windows\Tasks\VisualBee-codedownloader.job [1222] =>PUP.CrossRider
O39 - APT: VisualBee-codedownloader - (.VisualBee.) -- C:\Windows\System32\Tasks\VisualBee-codedownloader [1222] =>PUP.CrossRider
O39 - APT: VisualBee-firefoxinstaller - (.VisualBee.) -- C:\Windows\Tasks\VisualBee-firefoxinstaller.job [1838] =>PUP.CrossRider
O39 - APT: VisualBee-firefoxinstaller - (.VisualBee.) -- C:\Windows\System32\Tasks\VisualBee-firefoxinstaller [1838] =>PUP.CrossRider
O39 - APT: VisualBee-updater - (.VisualBee.) -- C:\Windows\Tasks\VisualBee-updater.job [1216] =>PUP.CrossRider
O39 - APT: VisualBee-updater - (.VisualBee.) -- C:\Windows\System32\Tasks\VisualBee-updater [1216] =>PUP.CrossRider
~ Scheduled Task: 36 Scanned in 00mn 04s



---\\ Componentes instalados (ActiveSetup Installed Components) (040)
O40 - ASIC: Microsoft Windows Media Player - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Recursos do Windows Media Player.) -- C:\Windows\System32\wmploc.dll =>.Microsoft Corporation
O40 - ASIC: Internet Explorer - >{26923b43-4d38-484f-9b9e-de460746276c} . (.Microsoft Corporation - Utilitário de Inicialização por Usuário do Internet Explorer.) -- C:\Windows\System32\ie4uinit.exe
O40 - ASIC: Browser Customizations - >{60B49E34-C7CC-11D0-8953-00A0C90347FF} . (.Microsoft Corporation - Identidade visual IEAK.) -- C:\Windows\System32\iedkcs32.dll
O40 - ASIC: Microsoft Windows Media Player 12.0 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media Player Extension.) -- C:\Windows\System32\wmpdxm.dll =>.Microsoft Corporation
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} . (.Microsoft Corporation - API de tema do Windows.) -- C:\Windows\System32\themeui.dll
O40 - ASIC: Microsoft Windows - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files\Windows Mail\WinMail.exe =>.Microsoft Corporation
O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} . (.Microsoft Corporation - Extensão shell da pasta FTP do Microsoft Internet Explorer.) -- C:\Windows\System32\msieftp.dll
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation - Recursos do Windows Media Player.) -- C:\Windows\System32\wmploc.dll =>.Microsoft Corporation
O40 - ASIC: Windows Desktop Update - {89820200-ECBD-11cf-8B85-00AA005B4340} . (.Microsoft Corporation - DLL comum do Shell do Windows.) -- C:\Windows\System32\shell32.dll
O40 - ASIC: Web Platform Customizations - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitário de Inicialização por Usuário do Internet Explorer.) -- C:\Windows\System32\ie4uinit.exe
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\Windows\system32\mscories.dll
O40 - ASIC: Google Chrome - {8A69D345-D564-463c-AFF1-A69D9E530F96} . (.Google Inc. - Google Chrome Installer.) -- C:\Program Files\Google\Chrome\Application\43.0.2357.81\Installer\chrmstp.exe
~ Active Setup: 12 Scanned in 00mn 00s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (360SpOEM) . (.360安全中心 - 360安全卫士 - SelfProtection.) - C:\Windows\System32\drivers\360SpOEM.sys
O41 - Driver: C:\Windows\System32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\System32\DRIVERS\blbdrive.sys
O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys
O41 - Driver: C:\Windows\System32\cscsvc.dll (CSC) . (.Microsoft Corporation - Windows Client Side Caching Driver.) - C:\Windows\System32\drivers\csc.sys
O41 - Driver: C:\Windows\System32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys
O41 - Driver: C:\Windows\System32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\System32\drivers\discache.sys
O41 - Driver: (dwkuhucv) . (. - .) - C:\Windows\system32\drivers\dwkuhucv.sys (.not file.)
O41 - Driver: (isdoxvhe) . (. - .) - C:\Windows\system32\drivers\isdoxvhe.sys (.not file.)
O41 - Driver: (mkwngkyi) . (. - .) - C:\Windows\system32\drivers\mkwngkyi.sys (.not file.)
O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\System32\DRIVERS\mssmbios.sys
O41 - Driver: (ndisrd) . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) - C:\Windows\System32\DRIVERS\gbpndisrdn.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver: C:\Windows\System32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: C:\Windows\System32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\System32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Agendador de pacotes de serviço.) - C:\Windows\System32\DRIVERS\pacer.sys
O41 - Driver: C:\Windows\System32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Driver do Subsistema de Buffer da Unidade R.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: C:\Windows\System32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver: C:\Windows\System32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\System32\drivers\rdpencdd.sys
O41 - Driver: C:\Windows\System32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\System32\drivers\rdprefmp.sys
O41 - Driver: C:\Windows\System32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS\tdx.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\System32\DRIVERS\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
O41 - Driver: (vwififlt) . (.Microsoft Corporation - Virtual WiFi Filter Driver.) - C:\Windows\System32\DRIVERS\vwififlt.sys
O41 - Driver: C:\Windows\System32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys
O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\System32\DRIVERS\wfplwf.sys
~ Drivers: 78 Scanned in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: Adobe Flash Player 11 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Reader X (10.1.10) - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1033-7B44-AA1000000001}
O42 - Logiciel: Any Video Converter 5 5.0.3 - (.Any-Video-Converter.com.) [HKLM] -- Any Video Converter 5_is1
O42 - Logiciel: Apple Application Support - (.Apple Inc..) [HKLM] -- {A83279FD-CA4B-4206-9535-90974DE76654}
O42 - Logiciel: Apple Software Update - (.Apple Inc..) [HKLM] -- {789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE} =>.Apple Inc
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner
O42 - Logiciel: Chiave - (.Meadows Interactives.) [HKLM] -- Chiave
O42 - Logiciel: Cisco EAP-FAST Module - (.Cisco Systems, Inc..) [HKLM] -- {64BF0187-F3D2-498B-99EA-163AF9AE6EC9}
O42 - Logiciel: Cisco LEAP Module - (.Cisco Systems, Inc..) [HKLM] -- {51C7AD07-C3F6-4635-8E8A-231306D810FE}
O42 - Logiciel: Cisco PEAP Module - (.Cisco Systems, Inc..) [HKLM] -- {ED5776D5-59B4-46B7-AF81-5F2D94D7C640}
O42 - Logiciel: Control Center - (.TPS.) [HKLM] -- {A09AB2EA-4E3B-48A8-A716-CD4FB3529548}
O42 - Logiciel: Curso HJ de Datilografia - (...) [HKLM] -- Curso HJ de Datilografia
O42 - Logiciel: D3DX10 - (.Microsoft.) [HKLM] -- {E09C4DB7-630C-4F06-A631-8EA7239923AF}
O42 - Logiciel: DC-Bass Source 1.3.0 - (...) [HKLM] -- DC-Bass Source
O42 - Logiciel: DVD Suite - (.CyberLink Corporation.) [HKLM] -- {1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}
O42 - Logiciel: Dic Michaelis - UOL - (...) [HKLM] -- WDIC
O42 - Logiciel: DirectVobSub 2.40.4209 - (.MPC-HC Team.) [HKLM] -- vsfilter_is1
O42 - Logiciel: Dropbox - (.Dropbox, Inc..) [HKCU] -- Dropbox
O42 - Logiciel: Estudo de melhoria do produto HP Deskjet 3050 J610 series - (.Hewlett-Packard Co..) [HKLM] -- {5EDB0E45-D82B-4B8A-AA49-C11240900A78}
O42 - Logiciel: FLV Player - (.Somoto Ltd..) [HKCU] -- FLV Player =>Adware.MegaSearch
O42 - Logiciel: Facebook Video Calling 3.1.0.521 - (.Skype Limited.) [HKLM] -- {2091F234-EB58-4B80-8C96-8EB78C808CF7}
O42 - Logiciel: Finger Sensing Pad Driver - (.Sentelic.) [HKLM] -- {E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}
O42 - Logiciel: FreeUndelete 2.1.36867.1 - (.Recoveronix.) [HKLM] -- {0F5ADA2F-C0B2-4AD6-8FF7-7DFA9D6B4CBA}
O42 - Logiciel: GameShadow - (.GameShadow Ltd.) [HKLM] -- {F7C1C17E-70E3-475F-BD52-EA554391F15D}
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM] -- Google Chrome
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
O42 - Logiciel: Governor of Poker 2 Premium Edition v1.0 Multi - (.My Company, Inc..) [HKLM] -- {8BF806C4-2D77-4F67-8435-D4BDCEB665A8}_is1
O42 - Logiciel: HP Deskjet 3050 J610 series Ajuda - (.Hewlett Packard.) [HKLM] -- {F7632A9B-661E-4FD9-B1A4-3B86BC99847F}
O42 - Logiciel: HP Photo Creations - (.HP Photo Creations Powered by RocketLife.) [HKLM] -- HP Photo Creations
O42 - Logiciel: HP Update - (.Hewlett-Packard.) [HKLM] -- {787D1A33-A97B-4245-87C0-7174609A540C}
O42 - Logiciel: Haali Media Splitter - (...) [HKLM] -- HaaliMkx
O42 - Logiciel: Instalação do DivX - (.DivX, LLC.) [HKLM] -- DivX Setup
O42 - Logiciel: Intel(R) Processor Graphics - (.Intel Corporation.) [HKLM] -- {F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}
O42 - Logiciel: Intel® Matrix Storage Manager - (.Intel Corporation.) [HKLM] -- {9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}
O42 - Logiciel: JDownloader 0.9 - (.AppWork GmbH.) [HKLM] -- 5513-1208-7298-9440
O42 - Logiciel: Java 8 Update 45 - (.Oracle Corporation.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83218045F0}
O42 - Logiciel: Keyboard status - (...) [HKLM] -- Keyboard status Setup V.1.0_is1
O42 - Logiciel: LAME v3.99.3 (for Windows) - (...) [HKLM] -- LAME_is1
O42 - Logiciel: LG Bluetooth Drivers - (.LG Electronics.) [HKLM] -- {AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}
O42 - Logiciel: LG United Mobile Drivers - (.LG Electronics.) [HKLM] -- {5DB849D6-9392-4FB7-9ABB-87ED433152E5}
O42 - Logiciel: Lagarith Lossless Codec (1.3.27) - (...) [HKLM] -- {F59AC46C-10C3-4023-882C-4212A92283B3}_is1
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
O42 - Logiciel: MSXML 4.0 SP2 Parser and SDK - (.Microsoft Corporation.) [HKLM] -- {716E0306-8318-4364-8B8F-0CC4E9376BAC}
O42 - Logiciel: ManyCam 3.1.57 - (.ManyCam LLC.) [HKLM] -- ManyCam
O42 - Logiciel: Microsoft Security Client - (.Microsoft Corporation.) [HKLM] -- {6E3939AE-9996-4D07-9A30-14C78AE93576}
O42 - Logiciel: Microsoft Security Essentials - (.Microsoft Corporation.) [HKLM] -- Microsoft Security Client
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: Mozilla Firefox 37.0.2 (x86 pt-BR) - (.Mozilla.) [HKLM] -- Mozilla Firefox 37.0.2 (x86 pt-BR)
O42 - Logiciel: Mozilla Maintenance Service - (.Mozilla.) [HKLM] -- MozillaMaintenanceService
O42 - Logiciel: Módulo de Segurança - Banco do Brasil - (...) [HKLM] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
O42 - Logiciel: Nero 7 Premium - (.Nero AG.) [HKLM] -- {F14B8ECC-BDA0-4987-9201-D7B7DBE11046}
O42 - Logiciel: Olicard160 - (.Olivetti.) [HKLM] -- {49B40A1F-2AB0-4EE1-A6B0-56E7A85BEBFB}
O42 - Logiciel: Online Games Manager v1.30 - (.Real Networks, Inc..) [HKLM] -- Online Games Manager
O42 - Logiciel: OpenSource Flash Video Splitter 1.0.0.5 - (...) [HKLM] -- OpenSource Flash Video Splitter
O42 - Logiciel: Pando Media Booster - (.Pando Networks Inc..) [HKLM] -- {980A182F-E0A2-4A40-94C1-AE0C1235902E}
O42 - Logiciel: PhotoScape - (...) [HKLM] -- PhotoScape
O42 - Logiciel: Popcorn Time - (.Popcorn Official.) [HKCU] -- Popcorn Time
O42 - Logiciel: PowerDVD - (.CyberLink Corporation.) [HKLM] -- {6811CAA0-BF12-11D4-9EA1-0050BAE317E1}
O42 - Logiciel: PowerISO - (.Power Software Ltd.) [HKLM] -- PowerISO
O42 - Logiciel: QuickTime - (.Apple Inc..) [HKLM] -- {7BE15435-2D3E-4B58-867F-9C75BED0208C}
O42 - Logiciel: REALTEK Wireless LAN Driver - (.REALTEK Semiconductor Corp..) [HKLM] -- {9D3D8C60-A55F-4fed-B2B9-173F09590E16}
O42 - Logiciel: Realtek Ethernet Controller Driver - (.Realtek.) [HKLM] -- {8833FFB6-5B0C-4764-81AA-06DFEED9A476}
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}
O42 - Logiciel: Skype™ 6.11 - (.Skype Technologies S.A..) [HKLM] -- {4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}
O42 - Logiciel: Smiley Bar for Facebook - (.Status Winks.) [HKLM] -- Smiley Bar for Facebook =>Adware.SmileyBar
O42 - Logiciel: Software básico do dispositivo HP Deskjet 3050 J610 series - (.Hewlett-Packard Co..) [HKLM] -- {0FF0C809-9D51-4B7A-B315-A5874E6BF843}
O42 - Logiciel: System Requirements Lab CYRI - (.Husdawg, LLC.) [HKLM] -- {943A8D28-80D6-41DC-AE94-81FEB42041BF}
O42 - Logiciel: TIM Communicator - (...) [HKLM] -- OrolixCommunicator
O42 - Logiciel: Treasures of Montezuma - (.Atrativa.) [HKLM] -- 8441b0bbe5c37636013d63dfdd323628
O42 - Logiciel: Unity Web Player - (.Unity Technologies ApS.) [HKCU] -- UnityWebPlayer
O42 - Logiciel: VC80CRTRedist - 8.0.50727.6195 - (.DivX, Inc.) [HKLM] -- {933B4015-4618-4716-A828-5289FC03165F}
O42 - Logiciel: VisualBee - (.VisualBee.) [HKLM] -- VisualBee =>Adware.VisualBeeToolbar
O42 - Logiciel: VisualBee for Microsoft PowerPoint - (.VisualBee.com.) [HKCU] -- VisualBee for Microsoft PowerPoint =>Adware.VisualBeeToolbar
O42 - Logiciel: Vuze - (.Vuze Inc..) [HKLM] -- 8461-7759-5462-8226 =>P2P.Azureus
O42 - Logiciel: Vuze Remote Toolbar - (.Vuze Remote.) [HKLM] -- Vuze_Remote Toolbar =>P2P.Azureus
O42 - Logiciel: WinRAR 4.01 (32-bit) - (.win.rar GmbH.) [HKLM] -- WinRAR archiver
O42 - Logiciel: Windows Media Player Firefox Plugin - (.Microsoft Corp.) [HKLM] -- {69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} =>.Microsoft Corporation
O42 - Logiciel: WindowsMangerProtect20.0.0.502 - (.WindowsProtect LIMITED.) [HKLM] -- WindowsMangerProtect =>PUP.Fuyu
O42 - Logiciel: XMind 6 (v3.5.1) - (.XMind Ltd..) [HKLM] -- XMind_is1
O42 - Logiciel: ffdshow v1.1.4399 [2012-03-22] - (...) [HKLM] -- ffdshow_is1
O42 - Logiciel: µTorrent - (.BitTorrent Inc..) [HKCU] -- uTorrent =>P2P.BitTorrent
~ Logic: 74 Scanned in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\1ClickDownload]
[HKCU\Software\APN PIP]
[HKCU\Software\AVAST Software]
[HKCU\Software\AVC]
[HKCU\Software\Adobe]
[HKCU\Software\Ahead]
[HKCU\Software\Amigo Mouse]
[HKCU\Software\AnvSoft]
[HKCU\Software\AppDataLow\Software\ConduitSearchScopes]
[HKCU\Software\AppDataLow\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider
[HKCU\Software\AppDataLow\Software\JavaSoft]
[HKCU\Software\AppDataLow\Software\PriceGong] =>Adware.PriceGong
[HKCU\Software\AppDataLow\Software\Smartbar] =>Hijacker.SmartBar
[HKCU\Software\AppDataLow\Software\Unity]
[HKCU\Software\AppDataLow\Software\VisualBee] =>Adware.VisualBeeToolbar
[HKCU\Software\AppDataLow\Software\Vuze_Remote] =>P2P.Azureus
[HKCU\Software\AppDataLow\Software\findlyrics] =>Adware.AddLyrics
[HKCU\Software\AppDataLow\Toolbar] =>Toolbar.Conduit
[HKCU\Software\AppDataLow]
[HKCU\Software\Apple Computer, Inc.]
[HKCU\Software\Apple Inc.]
[HKCU\Software\Art Plus]
[HKCU\Software\Auslogics]
[HKCU\Software\Autodesk]
[HKCU\Software\Azureus] =>P2P.Azureus
[HKCU\Software\BabSolution] =>Hijacker.BabSolution
[HKCU\Software\BabylonToolbar] =>PUP.Babylon
[HKCU\Software\Baidu Security]
[HKCU\Software\Baidu]
[HKCU\Software\Baixaki]
[HKCU\Software\BitTorrent] =>P2P.BitTorrent
[HKCU\Software\Bugsplat]
[HKCU\Software\Chromium]
[HKCU\Software\ClassesB]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\CoreVorbis]
[HKCU\Software\Cyberlink]
[HKCU\Software\DSP-worx]
[HKCU\Software\DataMngr] =>PUP.Datamngr
[HKCU\Software\DivXNetworks]
[HKCU\Software\DivX]
[HKCU\Software\EMailsCfg]
[HKCU\Software\Facebook]
[HKCU\Software\FileScout] =>PUP.FileScout
[HKCU\Software\GNU]
[HKCU\Software\Gabest]
[HKCU\Software\GbAs]
[HKCU\Software\GbPlugin]
[HKCU\Software\Geek Uninstaller]
[HKCU\Software\GetData]
[HKCU\Software\GlarySoft]
[HKCU\Software\Google]
[HKCU\Software\HP]
[HKCU\Software\Haali]
[HKCU\Software\IM Providers]
[HKCU\Software\INCAInternet]
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\InstalledBrowserExtensions] =>PUP.BrowserExtensions
[HKCU\Software\Intel]
[HKCU\Software\JavaSoft]
[HKCU\Software\KeyBoard_status]
[HKCU\Software\LAV]
[HKCU\Software\LEAD Technologies, Inc.]
[HKCU\Software\LG Electronics]
[HKCU\Software\Lake]
[HKCU\Software\Licenses]
[HKCU\Software\LowRegistry]
[HKCU\Software\Macromedia]
[HKCU\Software\Macrovision]
[HKCU\Software\ManyCam]
[HKCU\Software\Modern UI Test]
[HKCU\Software\Mooii]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Mozilla]
[HKCU\Software\Netscape]
[HKCU\Software\ODBC]
[HKCU\Software\OrolixCommunicator]
[HKCU\Software\Orolix]
[HKCU\Software\Pando Networks]
[HKCU\Software\Parsec Productions]
[HKCU\Software\Piriform]
[HKCU\Software\Policies]
[HKCU\Software\PowerISO]
[HKCU\Software\Protect Software GmbH]
[HKCU\Software\RLZer]
[HKCU\Software\Realtek]
[HKCU\Software\Recover Files]
[HKCU\Software\Recoveronix]
[HKCU\Software\SimplyTech] =>PUP.SimplyTech
[HKCU\Software\SkypeRS]
[HKCU\Software\Skype]
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKCU\Software\Syncsoft]
[HKCU\Software\System Requirements Lab]
[HKCU\Software\TNT2] =>Adware.TidyNetwork
[HKCU\Software\TechSmith]
[HKCU\Software\Trolltech]
[HKCU\Software\TuneUp]
[HKCU\Software\Unity]
[HKCU\Software\Visan]
[HKCU\Software\Visualbee] =>Adware.VisualBeeToolbar
[HKCU\Software\WebPlayer]
[HKCU\Software\WinRAR SFX]
[HKCU\Software\WinRAR]
[HKCU\Software\Wow6432Node]
[HKCU\Software\ZebHelpProcess Helper]
[HKCU\Software\Zugo] =>Adware.Zugo
[HKCU\Software\Zyrax Software]
[HKCU\Software\a578ddab13aef13] =>Hijacker.Eazel
[HKCU\Software\bi]
[HKCU\Software\drpsu]
[HKCU\Software\ej-technologies]
[HKLM\Software\360Safe]
[HKLM\Software\ACE Compression Software]
[HKLM\Software\ATI Technologies]
[HKLM\Software\AVAST Software]
[HKLM\Software\AVC]
[HKLM\Software\Aardwork]
[HKLM\Software\Adobe]
[HKLM\Software\Apple Computer, Inc.]
[HKLM\Software\Apple Inc.]
[HKLM\Software\Autodesk]
[HKLM\Software\Azureus] =>P2P.Azureus
[HKLM\Software\Babylon] =>PUP.Babylon
[HKLM\Software\Bahamut]
[HKLM\Software\Baidu Security]
[HKLM\Software\Baidu_Drp_pos]
[HKLM\Software\Big Fish Games]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Conduit] =>Toolbar.Conduit
[HKLM\Software\CyberLink]
[HKLM\Software\DataMngr] =>PUP.Datamngr
[HKLM\Software\DivX]
[HKLM\Software\GNU]
[HKLM\Software\Gabest]
[HKLM\Software\GameInstaller]
[HKLM\Software\GlarySoft]
[HKLM\Software\Google]
[HKLM\Software\HP]
[HKLM\Software\Haemimont Games]
[HKLM\Software\Hewlett-Packard]
[HKLM\Software\Huawei technologies]
[HKLM\Software\IHProtect] =>Adware.AgentODR
[HKLM\Software\IM Providers]
[HKLM\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\InstallShield]
[HKLM\Software\Intel]
[HKLM\Software\InterVideo]
[HKLM\Software\JavaSoft]
[HKLM\Software\JreMetrics]
[HKLM\Software\LEAD Technologies, Inc.]
[HKLM\Software\LG Electronics]
[HKLM\Software\Lake]
[HKLM\Software\Lame For Audacity]
[HKLM\Software\Licenses]
[HKLM\Software\Macromedia]
[HKLM\Software\Macrovision]
[HKLM\Software\Mooii]
[HKLM\Software\Mortal Kombat Windows Theme]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\Nero]
[HKLM\Software\NetTcpHandler]
[HKLM\Software\Nokia]
[HKLM\Software\ODBC]
[HKLM\Software\Olivetti]
[HKLM\Software\Orolix]
[HKLM\Software\PIP]
[HKLM\Software\Pando Networks]
[HKLM\Software\PicexaSvc]
[HKLM\Software\Piriform]
[HKLM\Software\Planets Logon Screen]
[HKLM\Software\Planets Windows Theme]
[HKLM\Software\Policies]
[HKLM\Software\RTLSetup]
[HKLM\Software\RZsoft]
[HKLM\Software\Realtek Semiconductor Corp.]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\RocketLife]
[HKLM\Software\SRS Labs]
[HKLM\Software\Sakura]
[HKLM\Software\Sierra On-Line]
[HKLM\Software\Sierra OnLine]
[HKLM\Software\Skype]
[HKLM\Software\Sonic]
[HKLM\Software\SupDp] =>PUP.SupTab
[HKLM\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\TPS]
[HKLM\Software\Tarma Installer] =>PUP.Tarma
[HKLM\Software\Trymedia Systems] =>Adware.Trymedia
[HKLM\Software\TuneUp]
[HKLM\Software\VBMZ] =>PUP.Duuqu
[HKLM\Software\Visan]
[HKLM\Software\Visualbee] =>Adware.VisualBeeToolbar
[HKLM\Software\Volatile]
[HKLM\Software\Vuze_Remote] =>P2P.Azureus
[HKLM\Software\WIBU-SYSTEMS]
[HKLM\Software\Waves Audio]
[HKLM\Software\WinRAR]
[HKLM\Software\Windows]
[HKLM\Software\Wow6432Node]
[HKLM\Software\XMind Ltd]
[HKLM\Software\a578ddab13aef13] =>Hijacker.Eazel
[HKLM\Software\ahead]
[HKLM\Software\delta-homesSoftware] =>Hijacker.DeltaHomes
[HKLM\Software\ej-technologies]
[HKLM\Software\hdcode]
[HKLM\Software\mozilla.org]
[HKLM\Software\omiga-plusSoftware] =>Hijacker.OmigaPlus
[HKLM\Software\supTab] =>PUP.SupTab
[HKLM\Software\supWindowsMangerProtect] =>PUP.Fuyu
~ Key Software: 381 Scanned in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 03/02/2013 - 18:37:22 - [] ----D C:\Program Files\Adobe
O43 - CFD: 17/03/2013 - 16:16:50 - [] ----D C:\Program Files\AnvSoft
O43 - CFD: 09/05/2013 - 19:30:50 - [] ----D C:\Program Files\Apple Software Update =>.Apple Inc
O43 - CFD: 24/01/2012 - 14:04:25 - [] -SH-D C:\Program Files\Arquivos Comuns
O43 - CFD: 28/06/2014 - 13:00:56 - [] ----D C:\Program Files\Autodesk
O43 - CFD: 24/01/2012 - 15:46:51 - [] ----D C:\Program Files\AVAST Software
O43 - CFD: 23/07/2014 - 15:45:21 - [] ----D C:\Program Files\Baidu Security
O43 - CFD: 06/07/2013 - 20:07:37 - [] ----D C:\Program Files\CCleaner
O43 - CFD: 24/01/2012 - 16:33:40 - [] ----D C:\Program Files\Cisco
O43 - CFD: 23/01/2013 - 15:38:25 - [] ----D C:\Program Files\CodeMeter
O43 - CFD: 16/04/2015 - 23:23:02 - [] ----D C:\Program Files\Common Files
O43 - CFD: 13/02/2013 - 17:51:27 - [] -SH-D C:\Program Files\Computer
O43 - CFD: 30/09/2012 - 19:07:26 - [] ----D C:\Program Files\Conduit
O43 - CFD: 24/01/2012 - 16:26:37 - [] ----D C:\Program Files\Control Center
O43 - CFD: 24/01/2012 - 15:37:37 - [] ----D C:\Program Files\CyberLink
O43 - CFD: 23/07/2014 - 15:51:13 - [] ----D C:\Program Files\DirectVobSub
O43 - CFD: 23/07/2014 - 15:51:10 - [] ----D C:\Program Files\DSP-worx
O43 - CFD: 07/10/2014 - 20:31:40 - [] ----D C:\Program Files\DVD Maker
O43 - CFD: 27/01/2013 - 19:56:18 - [] ----D C:\Program Files\File Scout =>PUP.FileScout
O43 - CFD: 24/01/2012 - 16:30:09 - [] ----D C:\Program Files\FSP
O43 - CFD: 26/11/2012 - 18:56:43 - [] ----D C:\Program Files\GameShadow
O43 - CFD: 25/04/2015 - 05:37:56 - [] ----D C:\Program Files\GbPlugin
O43 - CFD: 22/06/2013 - 12:08:59 - [] ----D C:\Program Files\Google
O43 - CFD: 21/04/2015 - 23:45:49 - [] ----D C:\Program Files\Governor of Poker 2 Premium Edition
O43 - CFD: 23/07/2014 - 15:51:11 - [] ----D C:\Program Files\Haali
O43 - CFD: 03/03/2012 - 14:24:58 - [] ----D C:\Program Files\HP
O43 - CFD: 03/03/2012 - 14:25:01 - [] ----D C:\Program Files\HP Photo Creations
O43 - CFD: 06/01/2013 - 15:52:37 - [] -SH-D C:\Program Files\Ink
O43 - CFD: 25/04/2015 - 05:37:56 - [] --H-D C:\Program Files\InstallShield Installation Information
O43 - CFD: 24/01/2012 - 18:08:05 - [] ----D C:\Program Files\Intel
O43 - CFD: 14/02/2012 - 02:32:02 - [] ----D C:\Program Files\InterActual
O43 - CFD: 07/10/2014 - 20:31:40 - [] ----D C:\Program Files\Internet Explorer
O43 - CFD: 16/04/2015 - 23:23:29 - [] ----D C:\Program Files\Java
O43 - CFD: 28/06/2014 - 14:10:10 - [] ----D C:\Program Files\JDownloader
O43 - CFD: 23/07/2014 - 15:33:58 - [] ----D C:\Program Files\K-Lite Codec Pack
O43 - CFD: 24/01/2012 - 16:29:03 - [] ----D C:\Program Files\Keyboard status
O43 - CFD: 23/07/2014 - 15:51:10 - [] ----D C:\Program Files\Lame For Audacity
O43 - CFD: 23/04/2015 - 20:29:39 - [] ----D C:\Program Files\LG Electronics
O43 - CFD: 07/10/2014 - 20:28:17 - [] ----D C:\Program Files\ManyCam
O43 - CFD: 24/01/2012 - 18:33:26 - [] ----D C:\Program Files\Meadows Interactives
O43 - CFD: 17/03/2013 - 15:45:19 - [] ----D C:\Program Files\MediaCoder
O43 - CFD: 14/07/2009 - 04:50:24 - [] ----D C:\Program Files\Microsoft Games
O43 - CFD: 24/01/2012 - 15:31:48 - [] ----D C:\Program Files\Microsoft Office
O43 - CFD: 19/05/2015 - 00:01:16 - [] ----D C:\Program Files\Microsoft Security Client
O43 - CFD: 24/05/2015 - 20:51:38 - [] ----D C:\Program Files\Microsoft Silverlight
O43 - CFD: 31/07/2012 - 00:46:17 - [] ----D C:\Program Files\Microsoft SQL Server Compact Edition
O43 - CFD: 24/01/2012 - 15:31:44 - [] ----D C:\Program Files\Microsoft Visual Studio
O43 - CFD: 24/01/2012 - 15:30:22 - [] ----D C:\Program Files\Microsoft Visual Studio 8
O43 - CFD: 03/07/2014 - 20:19:39 - [] ----D C:\Program Files\Microsoft Works
O43 - CFD: 26/05/2012 - 14:19:35 - [] ----D C:\Program Files\Microsoft.NET
O43 - CFD: 04/05/2015 - 10:22:15 - [] ----D C:\Program Files\Mozilla Firefox
O43 - CFD: 04/05/2015 - 10:22:14 - [] ----D C:\Program Files\Mozilla Maintenance Service
O43 - CFD: 24/01/2012 - 15:31:50 - [] ----D C:\Program Files\MSBuild
O43 - CFD: 30/06/2014 - 09:23:54 - [0] ----D C:\Program Files\MSXML 4.0
O43 - CFD: 24/01/2012 - 15:45:05 - [] ----D C:\Program Files\Nero
O43 - CFD: 25/04/2015 - 05:37:56 - [] ----D C:\Program Files\Olivetti
O43 - CFD: 21/07/2013 - 23:54:53 - [] ----D C:\Program Files\Online Games Manager
O43 - CFD: 23/07/2014 - 15:51:07 - [] ----D C:\Program Files\OpenSource Flash Video Splitter
O43 - CFD: 14/02/2012 - 21:20:42 - [] ----D C:\Program Files\Pando Networks
O43 - CFD: 24/01/2012 - 15:45:42 - [] ----D C:\Program Files\PhotoScape
O43 - CFD: 13/02/2012 - 14:44:01 - [] ----D C:\Program Files\PowerISO
O43 - CFD: 20/05/2013 - 02:07:14 - [] ----D C:\Program Files\PSafe
O43 - CFD: 09/05/2013 - 19:32:23 - [] ----D C:\Program Files\QuickTime
O43 - CFD: 21/07/2013 - 23:52:25 - [] ----D C:\Program Files\RealArcade
O43 - CFD: 24/01/2012 - 16:27:56 - [] ----D C:\Program Files\Realtek
O43 - CFD: 24/01/2012 - 16:33:30 - [] ----D C:\Program Files\REALTEK PCIE Wireless LAN Driver
O43 - CFD: 14/07/2009 - 01:52:30 - [] ----D C:\Program Files\Reference Assemblies
O43 - CFD: 03/07/2014 - 20:23:38 - [] R---D C:\Program Files\Skype
O43 - CFD: 27/01/2013 - 20:05:20 - [] ----D C:\Program Files\Smiley Bar for Facebook =>Adware.SmileyBar
O43 - CFD: 17/02/2012 - 00:06:01 - [0] ----D C:\Program Files\SpeedBit Video Downloader
O43 - CFD: 23/07/2014 - 17:08:03 - [] ----D C:\Program Files\SupTab =>PUP.SupTab
O43 - CFD: 26/02/2012 - 18:28:19 - [] ----D C:\Program Files\SystemRequirementsLab
O43 - CFD: 24/01/2012 - 16:18:03 - [0] --H-D C:\Program Files\Temp
O43 - CFD: 16/07/2012 - 14:29:49 - [] ----D C:\Program Files\TIM Communicator
O43 - CFD: 21/07/2013 - 23:59:44 - [] ----D C:\Program Files\Tom Software
O43 - CFD: 14/07/2009 - 01:53:23 - [0] --H-D C:\Program Files\Uninstall Information
O43 - CFD: 18/01/2013 - 15:22:56 - [] -SH-D C:\Program Files\Viky
O43 - CFD: 12/04/2015 - 02:31:51 - [] ----D C:\Program Files\VisualBee =>Adware.VisualBeeToolbar
O43 - CFD: 06/01/2013 - 11:32:11 - [] ----D C:\Program Files\VIVO INTERNET
O43 - CFD: 23/07/2014 - 14:59:27 - [] ----D C:\Program Files\Vuze =>P2P.Azureus
O43 - CFD: 07/10/2014 - 20:28:18 - [] ----D C:\Program Files\Vuze_Remote =>P2P.Azureus
O43 - CFD: 07/10/2014 - 20:31:40 - [] ----D C:\Program Files\Windows Defender
O43 - CFD: 07/10/2014 - 20:31:40 - [] ----D C:\Program Files\Windows Journal
O43 - CFD: 31/07/2012 - 00:08:18 - [] ----D C:\Program Files\Windows Live
O43 - CFD: 07/10/2014 - 20:31:40 - [] ----D C:\Program Files\Windows Mail =>.Microsoft Corporation
O43 - CFD: 07/10/2014 - 20:31:40 - [] ----D C:\Program Files\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 24/01/2012 - 14:04:25 - [] ----D C:\Program Files\Windows NT
O43 - CFD: 07/10/2014 - 20:31:40 - [] ----D C:\Program Files\Windows Photo Viewer
O43 - CFD: 14/07/2009 - 01:52:32 - [] ----D C:\Program Files\Windows Portable Devices
O43 - CFD: 07/10/2014 - 20:31:40 - [] ----D C:\Program Files\Windows Sidebar
O43 - CFD: 24/01/2012 - 16:52:22 - [] ----D C:\Program Files\WinRAR
O43 - CFD: 23/07/2014 - 15:56:40 - [] ----D C:\Program Files\WinThemePack
O43 - CFD: 17/04/2015 - 01:28:46 - [] ----D C:\Program Files\XMind
O43 - CFD: 23/04/2015 - 07:02:12 - [] ----D C:\Program Files\XTab
O43 - CFD: 03/02/2013 - 21:33:02 - [] ----D C:\Program Files\Youtube Movie Maker
O43 - CFD: 26/05/2015 - 23:06:03 - [] ----D C:\Program Files\ZHPDiag =>.Nicolas Coolman
O43 - CFD: 28/06/2014 - 14:45:56 - [] ----D C:\Program Files\Common Files\Adobe
O43 - CFD: 24/01/2012 - 15:45:56 - [] ----D C:\Program Files\Common Files\Ahead
O43 - CFD: 09/05/2013 - 19:31:07 - [] ----D C:\Program Files\Common Files\Apple
O43 - CFD: 05/07/2014 - 20:41:03 - [] ----D C:\Program Files\Common Files\DESIGNER
O43 - CFD: 23/07/2014 - 17:08:59 - [] ----D C:\Program Files\Common Files\DivX Shared
O43 - CFD: 05/02/2012 - 13:26:18 - [] ----D C:\Program Files\Common Files\i4j_jres
O43 - CFD: 15/02/2012 - 00:18:13 - [] ----D C:\Program Files\Common Files\INCA Shared
O43 - CFD: 17/05/2012 - 23:45:48 - [] ----D C:\Program Files\Common Files\InstallShield
O43 - CFD: 24/01/2012 - 18:08:05 - [] ----D C:\Program Files\Common Files\Intel
O43 - CFD: 16/04/2015 - 23:23:02 - [] ----D C:\Program Files\Common Files\Java
O43 - CFD: 24/01/2012 - 15:17:47 - [] ----D C:\Program Files\Common Files\Macrovision Shared
O43 - CFD: 03/07/2014 - 20:19:46 - [] ----D C:\Program Files\Common Files\microsoft shared
O43 - CFD: 07/10/2014 - 20:31:40 - [] ----D C:\Program Files\Common Files\Services
O43 - CFD: 24/01/2012 - 14:04:25 - [] -SH-D C:\Program Files\Common Files\Sistema
O43 - CFD: 09/04/2013 - 19:15:16 - [] ----D C:\Program Files\Common Files\Skype
O43 - CFD: 13/07/2009 - 23:37:05 - [] ----D C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 07/10/2014 - 20:31:40 - [] ----D C:\Program Files\Common Files\System
O43 - CFD: 24/01/2012 - 15:49:45 - [] ----D C:\Program Files\Common Files\Windows Live
O43 - CFD: 11/11/2012 - 09:50:58 - [] ----D C:\Program Files\Common Files\YUMediaCodec
O43 - CFD: 03/02/2013 - 18:32:31 - [] ----D C:\ProgramData\Adobe
O43 - CFD: 03/04/2013 - 20:13:59 - [] ----D C:\ProgramData\APN
O43 - CFD: 09/05/2013 - 19:30:48 - [] ----D C:\ProgramData\Apple
O43 - CFD: 09/05/2013 - 19:31:53 - [] ----D C:\ProgramData\Apple Computer
O43 - CFD: 14/07/2009 - 01:53:55 - [] -SH-D C:\ProgramData\Application Data
O43 - CFD: 28/06/2014 - 12:49:54 - [] ----D C:\ProgramData\Autodesk
O43 - CFD: 28/06/2014 - 13:29:08 - [0] ----D C:\ProgramData\AVAST Software
O43 - CFD: 17/03/2013 - 15:34:04 - [0] ----D C:\ProgramData\Babylon =>PUP.Babylon
O43 - CFD: 23/07/2014 - 15:48:09 - [] ----D C:\ProgramData\Baidu Security
O43 - CFD: 19/06/2013 - 10:54:06 - [0] ----D C:\ProgramData\Big Fish Games
O43 - CFD: 29/12/2012 - 19:03:27 - [] ----D C:\ProgramData\BlueSprig
O43 - CFD: 26/09/2014 - 11:55:52 - [] ----D C:\ProgramData\BlueStacksSetup
O43 - CFD: 11/04/2015 - 23:20:25 - [] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 17/03/2013 - 16:17:30 - [] --H-D C:\ProgramData\Common Files
O43 - CFD: 05/02/2012 - 21:48:01 - [] ----D C:\ProgramData\CyberLink
O43 - CFD: 24/01/2012 - 14:04:25 - [] -SH-D C:\ProgramData\Dados de aplicativos
O43 - CFD: 06/01/2013 - 11:32:07 - [] ----D C:\ProgramData\DatacardService
O43 - CFD: 14/07/2009 - 01:53:55 - [] -SH-D C:\ProgramData\Desktop
O43 - CFD: 23/07/2014 - 17:09:00 - [] ----D C:\ProgramData\DivX
O43 - CFD: 24/01/2012 - 14:04:25 - [] -SH-D C:\ProgramData\Documentos
O43 - CFD: 14/07/2009 - 01:53:55 - [] -SH-D C:\ProgramData\Documents
O43 - CFD: 09/02/2012 - 05:22:00 - [] ----D C:\ProgramData\EA Core
O43 - CFD: 09/02/2012 - 05:21:59 - [] ----D C:\ProgramData\EA Logs
O43 - CFD: 09/02/2012 - 05:21:59 - [] ----D C:\ProgramData\Electronic Arts
O43 - CFD: 14/07/2009 - 01:53:55 - [] -SH-D C:\ProgramData\Favorites
O43 - CFD: 24/01/2012 - 14:04:25 - [] -SH-D C:\ProgramData\Favoritos
O43 - CFD: 26/05/2012 - 14:58:55 - [] ----D C:\ProgramData\FLEXnet
O43 - CFD: 16/04/2015 - 23:11:36 - [] ----D C:\ProgramData\GAS Tecnologia
O43 - CFD: 02/10/2014 - 23:29:50 - [] ----D C:\ProgramData\GbPlugin
O43 - CFD: 03/03/2012 - 14:26:44 - [] ----D C:\ProgramData\HP
O43 - CFD: 03/03/2012 - 14:27:36 - [] ----D C:\ProgramData\HP Photo Creations
O43 - CFD: 28/06/2014 - 14:13:24 - [] ----D C:\ProgramData\IBUpdaterService =>Adware.InstallBrain
O43 - CFD: 15/07/2014 - 18:51:16 - [] ----D C:\ProgramData\IePluginServices =>PUP.IePluginService
O43 - CFD: 23/04/2015 - 07:02:09 - [] ----D C:\ProgramData\IHProtectUpDate =>Adware.AgentODR
O43 - CFD: 03/04/2013 - 20:07:42 - [] ----D C:\ProgramData\ManyCam
O43 - CFD: 24/01/2012 - 14:04:25 - [] -SH-D C:\ProgramData\Menu Iniciar
O43 - CFD: 28/06/2014 - 13:52:46 - [] -S--D C:\ProgramData\Microsoft
O43 - CFD: 19/05/2015 - 00:00:57 - [] ----D C:\ProgramData\Microsoft Help
O43 - CFD: 24/01/2012 - 14:04:25 - [] -SH-D C:\ProgramData\Modelos
O43 - CFD: 04/05/2015 - 10:22:14 - [] ----D C:\ProgramData\Mozilla
O43 - CFD: 16/04/2015 - 23:23:44 - [] ----D C:\ProgramData\Oracle
O43 - CFD: 16/07/2012 - 14:29:49 - [] ----D C:\ProgramData\OrolixCommunicator
O43 - CFD: 07/10/2014 - 20:28:21 - [] ----D C:\ProgramData\PMB Files =>P2P.Pando
O43 - CFD: 31/01/2013 - 15:30:08 - [] ----D C:\ProgramData\Positivo Informática
O43 - CFD: 20/05/2013 - 02:05:46 - [] ----D C:\ProgramData\PSafe
O43 - CFD: 25/07/2012 - 11:41:15 - [] ----D C:\ProgramData\QuickTime
O43 - CFD: 05/01/2013 - 18:17:58 - [] ---AD C:\ProgramData\rkfree =>Keylogger.Logixoft
O43 - CFD: 03/07/2014 - 20:23:39 - [] ----D C:\ProgramData\Skype
O43 - CFD: 17/02/2012 - 00:02:46 - [0] ----D C:\ProgramData\SpeedBit
O43 - CFD: 14/07/2009 - 01:53:55 - [] -SH-D C:\ProgramData\Start Menu
O43 - CFD: 05/02/2012 - 13:33:30 - [] ----D C:\ProgramData\Sun
O43 - CFD: 17/03/2013 - 19:26:08 - [] ----D C:\ProgramData\Tarma Installer =>PUP.Tarma
O43 - CFD: 25/04/2015 - 05:37:57 - [] ---AD C:\ProgramData\TEMP
O43 - CFD: 14/07/2009 - 01:53:55 - [] -SH-D C:\ProgramData\Templates
O43 - CFD: 16/06/2014 - 20:03:43 - [] ----D C:\ProgramData\Trymedia =>Adware.Trymedia
O43 - CFD: 17/03/2013 - 16:17:44 - [] ----D C:\ProgramData\TuneUp Software
O43 - CFD: 07/10/2014 - 20:28:21 - [] ----D C:\ProgramData\VisualBee =>Adware.VisualBeeToolbar
O43 - CFD: 23/04/2015 - 07:00:40 - [] ----D C:\ProgramData\WindowsMangerProtect =>PUP.Fuyu
O43 - CFD: 07/10/2014 - 20:28:21 - [] -SH-D C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
O43 - CFD: 07/10/2014 - 20:31:40 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 07/10/2014 - 20:31:40 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 17/03/2013 - 16:17:09 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft
O43 - CFD: 29/11/2012 - 21:46:23 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
O43 - CFD: 29/08/2012 - 13:23:17 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Claro
O43 - CFD: 24/01/2012 - 16:26:26 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Control Center
O43 - CFD: 24/01/2012 - 15:37:28 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
O43 - CFD: 07/10/2014 - 20:28:21 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dic Michaelis - UOL
O43 - CFD: 23/07/2014 - 15:51:13 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DirectVobSub
O43 - CFD: 23/07/2014 - 15:51:14 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
O43 - CFD: 07/10/2014 - 20:31:40 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
O43 - CFD: 07/10/2014 - 20:28:21 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
O43 - CFD: 21/04/2015 - 23:45:50 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Governor of Poker 2 Premium Edition
O43 - CFD: 27/01/2013 - 20:05:11 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
O43 - CFD: 03/03/2012 - 14:25:01 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
O43 - CFD: 24/01/2012 - 16:24:29 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Matrix Storage Manager
O43 - CFD: 16/04/2015 - 23:22:01 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
O43 - CFD: 17/05/2012 - 23:53:18 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kalypso
O43 - CFD: 24/01/2012 - 16:29:03 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Keyboard status
O43 - CFD: 07/10/2014 - 20:31:40 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 07/10/2014 - 20:28:21 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam
O43 - CFD: 24/01/2012 - 15:32:58 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
O43 - CFD: 19/05/2015 - 00:00:02 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
O43 - CFD: 24/01/2012 - 15:45:53 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Premium
O43 - CFD: 24/01/2012 - 15:45:42 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
O43 - CFD: 18/12/2012 - 22:20:11 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Planets Logon Screen
O43 - CFD: 13/02/2012 - 14:44:01 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
O43 - CFD: 09/05/2013 - 19:32:09 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
O43 - CFD: 11/07/2013 - 12:02:03 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recover Files
O43 - CFD: 09/04/2013 - 19:15:17 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
O43 - CFD: 31/05/2013 - 19:52:41 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
O43 - CFD: 14/07/2009 - 04:48:45 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 16/07/2012 - 14:29:49 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TIM Communicator
O43 - CFD: 24/01/2012 - 16:52:23 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
O43 - CFD: 17/04/2015 - 01:27:40 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMind
O43 - CFD: 26/05/2015 - 23:06:03 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP =>.Nicolas Coolman
O43 - CFD: 25/07/2013 - 19:05:38 - [] ----D C:\Users\Família\AppData\Roaming\.mono
O43 - CFD: 03/02/2013 - 18:32:56 - [] ----D C:\Users\Família\AppData\Roaming\Adobe
O43 - CFD: 06/02/2012 - 21:49:00 - [] ----D C:\Users\Família\AppData\Roaming\Ahead
O43 - CFD: 13/04/2013 - 23:00:51 - [] ----D C:\Users\Família\AppData\Roaming\AlawarEntertainment
O43 - CFD: 17/03/2013 - 16:17:20 - [] ----D C:\Users\Família\AppData\Roaming\AnvSoft
O43 - CFD: 11/05/2013 - 12:08:26 - [] ----D C:\Users\Família\AppData\Roaming\Apple Computer
O43 - CFD: 03/02/2013 - 18:29:42 - [0] ----D C:\Users\Família\AppData\Roaming\Art Plus
O43 - CFD: 24/01/2013 - 06:00:47 - [] ----D C:\Users\Família\AppData\Roaming\Auslogics
O43 - CFD: 28/06/2014 - 12:26:56 - [] ----D C:\Users\Família\AppData\Roaming\Autodesk
O43 - CFD: 23/04/2015 - 20:26:33 - [] ----D C:\Users\Família\AppData\Roaming\Azureus =>P2P.Azureus
O43 - CFD: 17/03/2013 - 15:34:03 - [] ----D C:\Users\Família\AppData\Roaming\Babylon =>PUP.Babylon
O43 - CFD: 20/05/2013 - 20:35:06 - [] ----D C:\Users\Família\AppData\Roaming\baidu
O43 - CFD: 23/07/2014 - 15:48:09 - [] ----D C:\Users\Família\AppData\Roaming\Baidu Security
O43 - CFD: 29/12/2012 - 18:57:30 - [] ----D C:\Users\Família\AppData\Roaming\BlueSprig
O43 - CFD: 17/03/2013 - 15:45:19 - [0] ----D C:\Users\Família\AppData\Roaming\Broad Intelligence
O43 - CFD: 23/07/2014 - 15:51:12 - [] ----D C:\Users\Família\AppData\Roaming\CDXReader
O43 - CFD: 07/10/2014 - 20:28:22 - [] ----D C:\Users\Família\AppData\Roaming\Claro
O43 - CFD: 13/02/2012 - 23:42:50 - [] ----D C:\Users\Família\AppData\Roaming\CyberLink
O43 - CFD: 23/07/2014 - 16:54:35 - [] ----D C:\Users\Família\AppData\Roaming\DivX
O43 - CFD: 26/05/2015 - 22:33:20 - [] ----D C:\Users\Família\AppData\Roaming\Dropbox
O43 - CFD: 19/05/2013 - 20:00:35 - [0] ----D C:\Users\Família\AppData\Roaming\DRPSu
O43 - CFD: 23/07/2014 - 15:40:51 - [] ----D C:\Users\Família\AppData\Roaming\Geek Uninstaller
O43 - CFD: 10/02/2012 - 23:24:06 - [] ----D C:\Users\Família\AppData\Roaming\Hamachi
O43 - CFD: 03/03/2012 - 14:24:57 - [0] ----D C:\Users\Família\AppData\Roaming\HpUpdate
O43 - CFD: 24/01/2012 - 14:04:56 - [] ----D C:\Users\Família\AppData\Roaming\Identities
O43 - CFD: 24/01/2012 - 16:23:55 - [] ----D C:\Users\Família\AppData\Roaming\InstallShield
O43 - CFD: 23/07/2014 - 15:51:13 - [] ----D C:\Users\Família\AppData\Roaming\LavFilters
O43 - CFD: 23/04/2015 - 20:29:36 - [0] ----D C:\Users\Família\AppData\Roaming\LG Electronics
O43 - CFD: 24/01/2012 - 17:51:06 - [] ----D C:\Users\Família\AppData\Roaming\Macromedia
O43 - CFD: 04/04/2013 - 12:28:36 - [] ----D C:\Users\Família\AppData\Roaming\ManyCam
O43 - CFD: 14/07/2009 - 04:48:45 - [0] ----D C:\Users\Família\AppData\Roaming\Media Center Programs
O43 - CFD: 23/04/2015 - 22:27:53 - [] ----D C:\Users\Família\AppData\Roaming\Media Player Classic
O43 - CFD: 26/09/2014 - 11:24:03 - [] -S--D C:\Users\Família\AppData\Roaming\Microsoft
O43 - CFD: 20/03/2013 - 13:02:10 - [] ----D C:\Users\Família\AppData\Roaming\Mozilla
O43 - CFD: 23/01/2013 - 15:51:26 - [] ----D C:\Users\Família\AppData\Roaming\OfficeRecovery
O43 - CFD: 19/05/2013 - 19:56:40 - [] ----D C:\Users\Família\AppData\Roaming\OpenCandy =>Adware.OpenCandy
O43 - CFD: 27/01/2013 - 23:13:59 - [0] ----D C:\Users\Família\AppData\Roaming\PerformerSoft =>PUP.PerformerSoft
O43 - CFD: 15/06/2012 - 20:04:52 - [] ----D C:\Users\Família\AppData\Roaming\PhotoScape
O43 - CFD: 31/08/2014 - 23:34:22 - [] ----D C:\Users\Família\AppData\Roaming\PopcornTime
O43 - CFD: 04/02/2013 - 18:06:15 - [0] ----D C:\Users\Família\AppData\Roaming\Positivo
O43 - CFD: 24/01/2012 - 15:36:18 - [] ----D C:\Users\Família\AppData\Roaming\Roxio Log Files
O43 - CFD: 30/09/2013 - 17:17:04 - [] ----D C:\Users\Família\AppData\Roaming\Skype
O43 - CFD: 27/01/2013 - 19:57:18 - [] ----D C:\Users\Família\AppData\Roaming\StatusWinks =>Toolbar.StatusWinks
O43 - CFD: 17/03/2013 - 16:17:44 - [] ----D C:\Users\Família\AppData\Roaming\TuneUp Software
O43 - CFD: 19/04/2013 - 12:23:18 - [] ----D C:\Users\Família\AppData\Roaming\Unity
O43 - CFD: 26/05/2015 - 22:34:29 - [] ----D C:\Users\Família\AppData\Roaming\uTorrent =>P2P.µTorrent
O43 - CFD: 23/12/2012 - 01:08:59 - [] ----D C:\Users\Família\AppData\Roaming\VIVO INTERNET
O43 - CFD: 24/01/2012 - 16:52:44 - [] ----D C:\Users\Família\AppData\Roaming\WinRAR
O43 - CFD: 07/02/2012 - 13:52:21 - [] ----D C:\Users\Família\AppData\Roaming\YoudaGames
O43 - CFD: 26/05/2015 - 23:08:08 - [] ----D C:\Users\Família\AppData\Roaming\ZHP =>.Nicolas Coolman
O43 - CFD: 30/07/2012 - 22:00:04 - [] ----D C:\Users\Família\AppData\Local\Adobe
O43 - CFD: 06/02/2012 - 21:48:14 - [] ----D C:\Users\Família\AppData\Local\Ahead
O43 - CFD: 09/05/2013 - 19:30:56 - [] ----D C:\Users\Família\AppData\Local\Apple
O43 - CFD: 09/05/2013 - 19:36:39 - [] ----D C:\Users\Família\AppData\Local\Apple Computer
O43 - CFD: 25/08/2013 - 20:20:50 - [] ----D C:\Users\Família\AppData\Local\Apps
O43 - CFD: 09/02/2012 - 05:16:13 - [] ----D C:\Users\Família\AppData\Local\Ares
O43 - CFD: 25/08/2013 - 20:20:51 - [] ----D C:\Users\Família\AppData\Local\assembly
O43 - CFD: 02/06/2012 - 16:29:17 - [] ----D C:\Users\Família\AppData\Local\Autodesk
O43 - CFD: 13/09/2013 - 17:14:47 - [] ----D C:\Users\Família\AppData\Local\avgchrome
O43 - CFD: 20/05/2013 - 02:07:23 - [] ----D C:\Users\Família\AppData\Local\cache
O43 - CFD: 30/09/2012 - 19:07:24 - [] ----D C:\Users\Família\AppData\Local\Conduit
O43 - CFD: 30/09/2012 - 19:07:10 - [] ----D C:\Users\Família\AppData\Local\CRE
O43 - CFD: 24/01/2012 - 14:04:33 - [] -SH-D C:\Users\Família\AppData\Local\Dados de aplicativos
O43 - CFD: 25/05/2015 - 21:34:10 - [0] ----D C:\Users\Família\AppData\Local\Deployment
O43 - CFD: 29/01/2013 - 22:36:59 - [0] ----D C:\Users\Família\AppData\Local\Diagnostics
O43 - CFD: 11/11/2012 - 09:50:05 - [] ----D C:\Users\Família\AppData\Local\Downloaded Installations
O43 - CFD: 24/05/2015 - 22:10:30 - [0] ----D C:\Users\Família\AppData\Local\ElevatedDiagnostics
O43 - CFD: 07/10/2014 - 20:28:21 - [] ----D C:\Users\Família\AppData\Local\emaze
O43 - CFD: 11/03/2013 - 19:30:08 - [] ----D C:\Users\Família\AppData\Local\Facebook
O43 - CFD: 24/01/2012 - 16:35:22 - [0] ----D C:\Users\Família\AppData\Local\FSP
O43 - CFD: 25/04/2015 - 05:37:57 - [] ----D C:\Users\Família\AppData\Local\GAS Tecnologia
O43 - CFD: 22/06/2013 - 12:09:14 - [] ----D C:\Users\Família\AppData\Local\Google
O43 - CFD: 24/01/2012 - 14:04:33 - [] -SH-D C:\Users\Família\AppData\Local\Histórico
O43 - CFD: 03/03/2012 - 14:27:58 - [] ----D C:\Users\Família\AppData\Local\HP
O43 - CFD: 23/04/2015 - 20:29:36 - [0] ----D C:\Users\Família\AppData\Local\LG Electronics
O43 - CFD: 03/04/2013 - 20:13:59 - [] ----D C:\Users\Família\AppData\Local\ManyCam
O43 - CFD: 03/02/2013 - 21:29:25 - [] ----D C:\Users\Família\AppData\Local\Microsoft
O43 - CFD: 18/04/2012 - 15:23:25 - [] ----D C:\Users\Família\AppData\Local\Microsoft Games
O43 - CFD: 24/01/2012 - 15:29:52 - [0] ----D C:\Users\Família\AppData\Local\Microsoft Help
O43 - CFD: 04/05/2015 - 10:39:27 - [] ----D C:\Users\Família\AppData\Local\Mozilla
O43 - CFD: 12/02/2013 - 21:58:29 - [] ----D C:\Users\Família\AppData\Local\PMB Files =>P2P.Pando
O43 - CFD: 11/04/2015 - 23:50:11 - [] ----D C:\Users\Família\AppData\Local\Popcorn Time
O43 - CFD: 03/05/2015 - 00:05:29 - [] ----D C:\Users\Família\AppData\Local\Popcorn-Time
O43 - CFD: 06/01/2013 - 15:52:30 - [] ----D C:\Users\Família\AppData\Local\Programs
O43 - CFD: 20/05/2013 - 04:37:25 - [] ----D C:\Users\Família\AppData\Local\PSafe
O43 - CFD: 26/05/2015 - 23:07:47 - [] ----D C:\Users\Família\AppData\Local\Temp
O43 - CFD: 24/01/2012 - 14:04:33 - [] -SH-D C:\Users\Família\AppData\Local\Temporary Internet Files
O43 - CFD: 19/04/2013 - 12:21:50 - [] ----D C:\Users\Família\AppData\Local\Unity
O43 - CFD: 06/06/2012 - 14:02:51 - [] ----D C:\Users\Família\AppData\Local\VirtualStore
O43 - CFD: 25/08/2013 - 20:20:55 - [] ----D C:\Users\Família\AppData\Local\VisualBeeClient =>Adware.VisualBeeToolbar
O43 - CFD: 07/10/2014 - 20:28:22 - [] ----D C:\Users\Família\AppData\Local\VisualBeeExe =>Adware.VisualBeeToolbar
O43 - CFD: 04/08/2012 - 11:17:39 - [] ----D C:\Users\Família\AppData\Local\Windows Live
O43 - CFD: 14/07/2009 - 01:42:04 - [] R---D C:\Users\Família\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 07/10/2014 - 20:28:22 - [] R---D C:\Users\Família\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 13/09/2013 - 17:13:32 - [] ----D C:\Users\Família\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard =>PUP.BitGuard
O43 - CFD: 07/10/2014 - 20:28:22 - [] ----D C:\Users\Família\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curso HJ de Datilografia
O43 - CFD: 16/02/2013 - 18:18:52 - [] ----D C:\Users\Família\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
O43 - CFD: 24/01/2012 - 15:13:11 - [0] ----D C:\Users\Família\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dic Michaelis - UOL
O43 - CFD: 18/05/2015 - 20:56:21 - [] ----D C:\Users\Família\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
O43 - CFD: 15/07/2014 - 18:48:53 - [] ----D C:\Users\Família\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player
O43 - CFD: 23/01/2013 - 15:51:12 - [] ----D C:\Users\Família\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeUndelete
O43 - CFD: 07/10/2014 - 20:28:22 - [] ----D C:\Users\Família\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
O43 - CFD: 26/11/2012 - 18:56:45 - [] ----D C:\Users\Família\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameShadow
O43 - CFD: 27/01/2013 - 20:05:09 - [0] ----D C:\Users\Família\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
O43 - CFD: 14/07/2009 - 01:37:42 - [] R---D C:\Users\Família\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 11/04/2015 - 23:50:11 - [] ----D C:\Users\Família\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time
O43 - CFD: 18/05/2015 - 20:56:25 - [] R---D C:\Users\Família\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
O43 - CFD: 24/01/2012 - 16:52:23 - [] ----D C:\Users\Família\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
~ 92 Dossier CLSID vide (CLSID Empty Folder)
~ Program Folder: 410 Scanned in 00mn 02s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.2A66E81AE941E54A237490FC35D387C8] - 19/05/2015 - 00:01:36 ---A- . (...) -- C:\Windows\epplauncher.mif [1945]
O44 - LFC:[MD5.BCFC45426FF5C50532F727EB38B1C090] - 26/05/2015 - 22:30:35 -S-A- . (...) -- C:\Windows\bootstat.dat [67584]
O44 - LFC:[MD5.CB6EA20D2BAA1375EEB0E098E1DB3F6B] - 26/05/2015 - 22:30:47 ---A- . (...) -- C:\Windows\setupact.log [2240]
O44 - LFC:[MD5.5D9C3E06308A6B2C5ADA5E6228637B50] - 26/05/2015 - 22:42:03 ---A- . (...) -- C:\Windows\WindowsUpdate.log [1370660]
O44 - LFC:[MD5.B2C932FC400CC241D221A5FD3E921F78] - 26/05/2015 - 23:05:07 ---A- . (.Nicolas Coolman - ZHPDiag Setup.) -- C:\ZHPDiag2.exe [6882129]
~ Files: 5 Scanned in 00mn 02s



---\\ Últimos arquivos criados no Windows Prefetcher (045)
O45 - LFCP:[MD5.1E457EE9D7E01574EBE763736748B860] - 26/05/2015 - 22:32:07 ---A- - C:\Windows\Prefetch\UTORRENT.EXE-C9E7F4BE.pf =>P2P.µTorrent
O45 - LFCP:[MD5.E07BF771676F5F2F4D227196A518969A] - 25/05/2015 - 00:27:00 ---A- - C:\Windows\Prefetch\VISUALBEE-CODEDOWNLOADER.EXE-E7922829.pf =>Adware.VisualBeeToolbar
O45 - LFCP:[MD5.5AFE9B9D956AC14D6448E728B92AF0B2] - 25/05/2015 - 00:26:01 ---A- - C:\Windows\Prefetch\VISUALBEE-FIREFOXINSTALLER.EX-9B2CD504.pf =>Adware.VisualBeeToolbar
O45 - LFCP:[MD5.A133488B1C2F402597554713B3FE26FE] - 25/05/2015 - 00:27:03 ---A- - C:\Windows\Prefetch\VISUALBEE-UPDATER.EXE-CC8B3168.pf =>Adware.VisualBeeToolbar
~ Prefetcher: 4 Scanned in 00mn 00s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files\GbPlugin\gbieh.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Negação do serviço (Local Security Authority) (048)
O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Mecanismo cliente do 'Editor de configuração de segurança Windows'.) -- C:\Windows\System32\scecli.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pacote de Segurança Kerberos.) -- C:\Windows\System32\kerberos.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\Windows\System32\schannel.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\Windows\System32\wdigest.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Web Service Security Package.) -- C:\Windows\System32\tspkg.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pku2u Security Package.) -- C:\Windows\System32\pku2u.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corp. - LiveSSP.) -- C:\Windows\System32\livessp.dll
~ LSA: 9 Scanned in 00mn 00s



---\\ Controlo do Modo de Segurança (CSB) (49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Driver de porta de mouse serial.) -- C:\Windows\System32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Driver de Extensão do Gerenciador de Volumes.) -- C:\Windows\System32\Drivers\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\System32\Drivers\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\System32\Drivers\nsiproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation - RDP Encoder Miniport.) -- C:\Windows\System32\Drivers\rdpencdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Driver de porta de mouse serial.) -- C:\Windows\System32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Driver de Extensão do Gerenciador de Volumes.) -- C:\Windows\System32\Drivers\volmgrx.sys
~ CSB: 13 Scanned in 00mn 00s



---\\ Chave do registo Shell MountPoints2 (MPSK) (O51)
O51 - MPSK:{8fc642ca-97c5-11e1-9a81-00e04c0dc181}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{8fc642dc-97c5-11e1-9a81-00e04c0dc181}\AutoRun\command. (...) -- G:\AutoRun.exe (.not file.)
O51 - MPSK:{9cd74f61-a88c-11e2-94be-f4f99a2c0913}\AutoRun\command. (...) -- F:\LGAutoRun.exe (.not file.)
O51 - MPSK:{9e0c19fb-1115-11e4-8bbc-ec73f683746e}\AutoRun\command. (...) -- F:\MotorolaDeviceManagerSetup.exe (.not file.)
O51 - MPSK:{c7413046-cf68-11e1-9aed-1c659d06514d}\AutoRun\command. (...) -- G:\autorun.exe (.not file.)
O51 - MPSK:{c8adf7cd-59b0-11e1-9fb5-00e04c0dc181}\AutoRun\command. (...) -- F:\WindowsUI\Autorun.exe (.not file.)
O51 - MPSK:{c997daaa-f1f4-11e1-b9ab-bb82847c7b12}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{c997dac9-f1f4-11e1-b9ab-bb82847c7b12}\AutoRun\command. (...) -- G:\AutoRun.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeções nos drivers (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"msacm.l3acm"="l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\Windows\System32\iccvid.dll
O52 - TDSD: \Drivers32\"vidc.tscc"="tsccvid.dll" . (.TechSmith Corporation - TechSmith Screen Capture Codec.) -- C:\Windows\System32\tsccvid.dll
O52 - TDSD: \Drivers32\"VIDC.LAGS"="lagarith.dll" . (.No owner - Lagarith.) -- C:\Windows\System32\lagarith.dll
O52 - TDSD: \Drivers32\"VIDC.FFDS"="ff_vfw.dll" . (.No owner - ffdshow VFW.) -- C:\Windows\System32\ff_vfw.dll
O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codecp.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Audio Layer-3 Codec for MSACM.) -- C:\Windows\System32\l3codecp.acm
O52 - TDSD: \drivers.desc\"tsccvid.dll"="TechSmith Screen Capture Codec" . (.TechSmith Corporation - TechSmith Screen Capture Codec.) -- C:\Windows\System32\tsccvid.dll
O52 - TDSD: \drivers.desc\"lagarith.dll"="Lagarith lossless codec [LAGS]" . (.No owner - Lagarith.) -- C:\Windows\System32\lagarith.dll
O52 - TDSD: \drivers.desc\"ff_vfw.dll"="ffdshow video encoder" . (.No owner - ffdshow VFW.) -- C:\Windows\System32\ff_vfw.dll
O52 - TDSD: \drivers.desc\"l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
~ TDSD: 10 Scanned in 00mn 00s



---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\Adobe ARM [Key] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O53 - SMSR:HKLM\...\startupreg\APSDaemon [Key] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
O53 - SMSR:HKLM\...\startupreg\ares [Key] . (...) -- C:\Program Files\Ares\Ares.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Chiave [Key] . (.Meadows Interactives - Chiave.) -- C:\Program Files\Meadows Interactives\Chiave\Chiave.exe
O53 - SMSR:HKLM\...\startupreg\Control Center [Key] . (...) -- C:\Program Files\Control Center\CCenter.exe
O53 - SMSR:HKLM\...\startupreg\fspuip [Key] . (.Sentelic Corporation - Finger-sensing Pad User Interactive Program.) -- C:\Program Files\FSP\fspuip.exe
O53 - SMSR:HKLM\...\startupreg\GrooveMonitor [Key] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
O53 - SMSR:HKLM\...\startupreg\HP Software Update [Key] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O53 - SMSR:HKLM\...\startupreg\IAAnotif [Key] . (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O53 - SMSR:HKLM\...\startupreg\LanguageShortcut [Key] . (.No owner - Language Application.) -- C:\Program Files\CyberLink\PowerDVD\Language\Language.exe
O53 - SMSR:HKLM\...\startupreg\msnmsgr [Key] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O53 - SMSR:HKLM\...\startupreg\NeroFilterCheck [Key] . (.Nero AG - NeroCheck.) -- C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O53 - SMSR:HKLM\...\startupreg\RemoteControl [Key] . (.Cyberlink Corp. - PowerDVD RC Service.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
O53 - SMSR:HKLM\...\startupreg\RtHDVCpl [Key] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
~ SMSR Keys: 14 Scanned in 00mn 00s



---\\ Enumeração das chaves do registo SecurityProviders (MCSP) (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll
~ MSCP: 2 Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=5
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=0
O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=145
~ MWPE Keys: 2 Scanned in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:05/04/2013 - 17:42:50 R--A- . (.360.cn - 360FileOem.) -- C:\Windows\System32\Drivers\360FileOem.sys [152880]
O58 - SDL:05/04/2013 - 17:42:50 R--A- . (.360安全中心 - 360HookOem.) -- C:\Windows\System32\Drivers\360HookOem.sys [61488]
O58 - SDL:05/04/2013 - 17:42:50 R--A- . (.360安全中心 - 360RegOem.) -- C:\Windows\System32\Drivers\360RegOem.sys [29744]
O58 - SDL:05/04/2013 - 17:42:50 R--A- . (.360安全中心 - 360安全卫士 - SelfProtection.) -- C:\Windows\System32\Drivers\360SpOEM.sys [64048]
O58 - SDL:13/07/2009 - 22:26:15 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [422976]
O58 - SDL:13/07/2009 - 22:26:17 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\System32\Drivers\adpahci.sys [297552]
O58 - SDL:13/07/2009 - 22:26:15 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver.) -- C:\Windows\System32\Drivers\adpu320.sys [146512]
O58 - SDL:13/07/2009 - 22:26:15 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\System32\Drivers\aliide.sys [14400]
O58 - SDL:13/07/2009 - 22:26:15 ---A- . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\System32\Drivers\amdsata.sys [79952]
O58 - SDL:13/07/2009 - 22:26:15 ---A- . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller Driver for Windows fa.) -- C:\Windows\System32\Drivers\amdsbs.sys [159312]
O58 - SDL:13/07/2009 - 22:26:15 ---A- . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\System32\Drivers\amdxata.sys [23616]
O58 - SDL:13/07/2009 - 22:26:15 ---A- . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\System32\Drivers\arc.sys [76368]
O58 - SDL:13/07/2009 - 22:26:15 ---A- . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\System32\Drivers\arcsas.sys [86608]
O58 - SDL:27/06/2013 - 19:50:16 ---A- . (...) -- C:\Windows\System32\Drivers\aswSnx.sys.sum [175]
O58 - SDL:27/06/2013 - 19:50:16 ---A- . (...) -- C:\Windows\System32\Drivers\aswSP.sys.sum [175]
O58 - SDL:27/06/2013 - 19:50:16 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys.sum [175] =>.ALWIL Software
O58 - SDL:13/07/2009 - 19:02:49 ---A- . (.Broadcom Corporation - Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver..) -- C:\Windows\System32\Drivers\b57nd60x.sys [229888]
O58 - SDL:11/03/2014 - 00:14:02 ---A- . (.Baidu, Inc. - Baidu Antivirus Hook Base.) -- C:\Windows\System32\Drivers\Bhbase.sys [47456]
O58 - SDL:13/07/2009 - 19:53:28 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\Windows\System32\Drivers\BrFiltLo.sys [13568]
O58 - SDL:13/07/2009 - 19:53:28 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\Windows\System32\Drivers\BrFiltUp.sys [5248]
O58 - SDL:13/07/2009 - 21:57:25 ---A- . (.Brother Industries Ltd. - Brother Serial I/F Driver (WDM).) -- C:\Windows\System32\Drivers\BrSerId.sys [272128]
O58 - SDL:13/07/2009 - 19:53:32 ---A- . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\System32\Drivers\BrSerWdm.sys [62336]
O58 - SDL:13/07/2009 - 19:53:33 ---A- . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\System32\Drivers\BrUsbMdm.sys [12160]
O58 - SDL:13/07/2009 - 19:53:33 ---A- . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\System32\Drivers\BrUsbSer.sys [11904]
O58 - SDL:13/07/2009 - 19:02:48 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\Windows\System32\Drivers\bxvbdx.sys [430080]
O58 - SDL:13/07/2009 - 22:26:21 ---A- . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\System32\Drivers\cmdide.sys [15952]
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Adaptec, Inc. - Adaptec Ultra SCSI miniport.) -- C:\Windows\System32\Drivers\djsvs.sys [70720]
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:13/07/2009 - 19:02:48 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\Windows\System32\Drivers\evbdx.sys [3100160]
O58 - SDL:18/08/2011 - 19:00:24 ---A- . (.Huawei Technologies Co., Ltd. - USB NDIS Miniport Driver.) -- C:\Windows\System32\Drivers\ewusbwwan.sys [350720]
O58 - SDL:09/11/2009 - 17:42:46 ---A- . (.Sentelic Corporation - Finger-sensing Pad Driver.) -- C:\Windows\System32\Drivers\fspad_wlh32.sys [42496]
O58 - SDL:21/07/2014 - 11:23:58 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\gbpkm.sys [47192]
O58 - SDL:02/10/2014 - 23:29:58 ---A- . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) -- C:\Windows\System32\Drivers\gbpndisrdn.sys [29400]
O58 - SDL:10/02/2012 - 23:22:55 ---A- . (.LogMeIn, Inc. - Hamachi Virtual Network Interface Driver.) -- C:\Windows\System32\Drivers\hamachi.sys [25280]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Driver.) -- C:\Windows\System32\Drivers\HpSAMD.sys [67152]
O58 - SDL:13/10/2009 - 10:09:36 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - ia32.) -- C:\Windows\System32\Drivers\iaStor.sys [331288]
O58 - SDL:13/07/2009 - 22:20:36 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - ia32.) -- C:\Windows\System32\Drivers\iaStorV.sys [332352]
O58 - SDL:10/04/2011 - 10:44:58 ---A- . (.Intel Corporation - Intel Graphics Kernel Mode Driver.) -- C:\Windows\System32\Drivers\igdkmd32.sys [10783744]
O58 - SDL:13/07/2009 - 22:20:36 ---A- . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\System32\Drivers\iirsp.sys [41040]
O58 - SDL:26/02/2010 - 14:31:22 ---A- . (.Intel Corporation - Intel(R) Turbo Boost Technology Driver.) -- C:\Windows\System32\Drivers\Impcd.sys [132480]
O58 - SDL:15/10/2010 - 00:27:20 ---A- . (.Intel(R) Corporation - Intel(R) Display Audio Driver.) -- C:\Windows\System32\Drivers\IntcDAud.sys [269824]
O58 - SDL:02/03/2012 - 16:02:00 ---A- . (.LG Electronics Inc. - LGE Android Platform Driver.) -- C:\Windows\System32\Drivers\lgandbus.sys [14336]
O58 - SDL:02/03/2012 - 16:02:00 ---A- . (.LG Electronics Inc. - LGE Android Platform Driver.) -- C:\Windows\System32\Drivers\lganddiag.sys [20736]
O58 - SDL:02/03/2012 - 16:02:00 ---A- . (.LG Electronics Inc. - LGE Android Platform Driver.) -- C:\Windows\System32\Drivers\lgandgps.sys [20096]
O58 - SDL:02/03/2012 - 16:02:00 ---A- . (.LG Electronics Inc. - LGE Android Platform Driver.) -- C:\Windows\System32\Drivers\lgandmodem.sys [25088]
O58 - SDL:03/07/2012 - 11:56:00 ---A- . (.Google Inc - ADB Interface.) -- C:\Windows\System32\Drivers\lgandnetadb.sys [25856]
O58 - SDL:03/07/2012 - 11:43:00 ---A- . (.LG Electronics Inc. - LGE AndroidNet Driver.) -- C:\Windows\System32\Drivers\lgandnetdiag.sys [23040]
O58 - SDL:03/07/2012 - 11:43:00 ---A- . (.LG Electronics Inc. - LGE AndroidNet Driver.) -- C:\Windows\System32\Drivers\lgandnetmodem.sys [27776]
O58 - SDL:13/07/2009 - 22:20:36 ---A- . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_fc.sys [95824]
O58 - SDL:13/07/2009 - 22:20:37 ---A- . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_sas.sys [89168]
O58 - SDL:13/07/2009 - 22:20:36 ---A- . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_sas2.sys [54864]
O58 - SDL:13/07/2009 - 22:20:36 ---A- . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_scsi.sys [96848]
O58 - SDL:31/01/2013 - 06:50:58 ---A- . (.ManyCam LLC - ManyCam Virtual Microphone.) -- C:\Windows\System32\Drivers\mcaudrv.sys [22656]
O58 - SDL:11/10/2012 - 00:08:10 ---A- . (.ManyCam LLC - ManyCam Virtual Webcam.) -- C:\Windows\System32\Drivers\mcvidrv.sys [34432]
O58 - SDL:13/07/2009 - 22:20:36 ---A- . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows 7 for x86.) -- C:\Windows\System32\Drivers\megasas.sys [30800]
O58 - SDL:13/07/2009 - 22:20:36 ---A- . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\System32\Drivers\MegaSR.sys [235584]
O58 - SDL:13/07/2009 - 22:20:44 ---A- . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\System32\Drivers\nfrd960.sys [44624]
O58 - SDL:13/10/2005 - 08:15:20 ---A- . (.Nokia - Nokia USB Phone Bus Driver.) -- C:\Windows\System32\Drivers\nmwcd.sys [124928]
O58 - SDL:15/07/2010 - 21:45:44 ---A- . (.CACE Technologies, Inc. - npf.sys (NT5/6 x86) Kernel Driver.) -- C:\Windows\System32\Drivers\NPF.sys [35088]
O58 - SDL:13/07/2009 - 22:20:44 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\System32\Drivers\nvraid.sys [117312]
O58 - SDL:13/07/2009 - 22:20:44 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\System32\Drivers\nvstor.sys [142416]
O58 - SDL:07/04/2010 - 11:23:36 ---A- . (.Olivetti - USB/Serial Device Driver.) -- C:\Windows\System32\Drivers\Olicard160ser.sys [105344]
O58 - SDL:10/06/2010 - 02:14:34 ---A- . (.Windows (R) Codename Longhorn DDK provider - Alcatelusb Driver.) -- C:\Windows\System32\Drivers\Olicard160Usb.sys [19968]
O58 - SDL:10/12/2009 - 18:25:12 ---A- . (.TCT International Mobile Inc. - USB NDIS Miniport Driver.) -- C:\Windows\System32\Drivers\olicard160usbnet.sys [118272]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\System32\Drivers\ql2300.sys [1383488]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\System32\Drivers\ql40xx.sys [106064]
O58 - SDL:30/07/2009 - 07:58:26 ---A- . (.Realtek - Realtek 8101E/8168/8169 NDIS 6.20 32-bit Driver.) -- C:\Windows\System32\Drivers\Rt86win7.sys [187392]
O58 - SDL:10/11/2009 - 15:43:32 ---A- . (.Realtek Semiconductor Corp. - Realtek(r) High Definition Audio Function Driver.) -- C:\Windows\System32\Drivers\RTKVHDA.sys [2804192]
O58 - SDL:14/03/2011 - 16:15:58 ---A- . (.Realtek Semiconductor Corporation - Realtek RTL81892SE NDIS Driverr.) -- C:\Windows\System32\Drivers\rtl8192se.sys [1115240]
O58 - SDL:15/11/2011 - 00:50:16 ---A- . (.Power Software Ltd - PowerISO Virtual Drive.) -- C:\Windows\System32\Drivers\scdemu.sys [112096]
O58 - SDL:13/07/2009 - 17:50:20 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\Windows\System32\Drivers\secdrv.sys [20480]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\System32\Drivers\sisraid2.sys [40016]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\System32\Drivers\sisraid4.sys [77888]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:27/08/2008 - 10:06:00 ---A- . (.TPS Corporation - TPS Firmware Extension Device Driver.) -- C:\Windows\System32\Drivers\tpsacpi.sys [10728]
O58 - SDL:13/07/2009 - 22:19:10 ---A- . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\System32\Drivers\viaide.sys [16976]
O58 - SDL:13/07/2009 - 22:19:11 ---A- . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\System32\Drivers\vsmraid.sys [141904]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:05/01/2005 - 00:43:08 ---A- . (.INCA Internet Co., Ltd. - nProtect NPSC Kernel Mode Driver for NT.) -- C:\Windows\System32\npptNT2.sys [4682]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
O58 - SDL:04/10/2010 - 20:59:32 ---A- . (...) -- C:\Windows\System32\StarOpen.sys [5632]
~ Drivers: 95 Scanned in 00mn 15s



---\\ Últimos ficheiros alterados ou criados (Utilizador) (061)
O61 - LFC: 22/05/2015 - 23:08:33 ---A- . (.Google Inc..) -- C:\Users\Família\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.796\_platform_specific\win_x86\widevinecdmadapter.dll [189256]
O61 - LFC: 22/05/2015 - 23:08:33 ---A- . (.Google Inc..) -- C:\Users\Família\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x86\widevinecdmadapter.dll [189256]
O61 - LFC: 26/05/2015 - 23:08:33 ---A- . (...) -- C:\Users\Família\AppData\Local\Google\Chrome\User Data\ev_hashes_whitelist.bin [1113849]
O61 - LFC: 26/05/2015 - 23:08:39 ---A- . (...) -- C:\Users\Família\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnvzpg0.dll [43008]
~ 1228 Fichiers temporaires (Temporary files)
~ 146 Fichiers cookies (Cookies files)
~ Files: 4 Scanned in 00mn 16s



---\\ Ficheiros Alternate Data Stream (ADS) (O62)
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\:4B8300DD_Bb.gbp
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\drivers\:GbpKmAp.lst
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\Drivers\:GbpKmAp.lst
~ ADS: Scanned in 00mn 00s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 11/03/2014 - C:\Windows\System32\drivers\Bhbase.sys (Bhbase) .(.Baidu, Inc. - Baidu Antivirus Hook Base.) - LEGACY_BHBASE
O64 - Services: CurCS - 21/07/2014 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
O64 - Services: CurCS - 02/10/2014 - C:\Windows\System32\DRIVERS\gbpndisrdn.sys (ndisrd) .(.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) - LEGACY_NDISRD
O64 - Services: CurCS - 13/07/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
~ Legacy: 114 Scanned in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.bat> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> [HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.cmd> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> [HKLM\..\open\Command] (.Microsoft Corporation - Iniciador do snap-in de 'Visualizar eventos'.) -- C:\Windows\System32\eventvwr.exe
O67 - Shell Spawning: <.exe> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe
O67 - Shell Spawning: <.js> [HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> [HKLM\..\open\Command] (.Microsoft Corporation - Editor do Registro.) -- C:\Windows\regedit.exe
O67 - Shell Spawning: <.scr> [HKLM\..\open\Command] (...) -- "%1" /S
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.scr> [HKCU\..\open\Command] (.Microsoft Corporation - Bloco de notas.) -- C:\Windows\system32\notepad.exe
~ FASS Keys: 12 Scanned in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://do-search.com =>PUP.DoSearches
O69 - SBI: SearchScopes [HKCU] {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} [DefaultScope] - (e) - http://do-search.com =>PUP.DoSearches
O69 - SBI: SearchScopes [HKCU] {483830EE-A4CD-4b71-B0A3-3D82E62A6909} - () - http://do-search.com =>PUP.DoSearches
O69 - SBI: SearchScopes [HKCU] {7DC0055E-1C76-479B-9C92-9D2459569A1F} - (atajitos) - http://do-search.com =>PUP.DoSearches
O69 - SBI: SearchScopes [HKCU] {E733165D-CBCF-4FDA-883E-ADEF965B476C} - (Google) - http://do-search.com =>PUP.DoSearches
~ Keys: Scanned in 00mn 00s



---\\ Listagem dos serviços iniciados pelo Svchost (SSS) (O83)
O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Serviço de Experiência com Aplicativo.) -- C:\Windows\System32\aelupsvc.dll [62464]
O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Serviço de Propagação de Certificado de Cartão Inteligente da Microsof.) -- C:\Windows\System32\certprop.dll [67584]
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Serviço de Propagação de Certificado de Cartão Inteligente da Microsof.) -- C:\Windows\System32\certprop.dll [67584]
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - DLL de Serviço do Servidor.) -- C:\Windows\System32\srvsvc.dll [168448]
O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Cliente da Diretiva de Grupo.) -- C:\Windows\System32\gpsvc.dll [591360]
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - Extensão IKE.) -- C:\Windows\System32\ikeext.dll [667136]
O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Serviço de Áudio do Windows.) -- C:\Windows\System32\Audiosrv.dll [473088]
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Gerenciador de Discagem Automática de Acesso Remoto.) -- C:\Windows\System32\rasauto.dll [90624]
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Gerenciador de conexão de acesso remoto.) -- C:\Windows\System32\rasmans.dll [285184]
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Gerenciador de Interface Dinâmica.) -- C:\Windows\System32\mprdim.dll [75264]
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - Serviço de Notificação de Eventos do Sistema (SENS).) -- C:\Windows\System32\sens.dll [49664]
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Componentes do Microsoft NAT Helper.) -- C:\Windows\System32\ipnathlp.dll [300544]
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Servidor de telefonia do Microsoft(R) Windows(TM).) -- C:\Windows\System32\tapisrv.dll [241664]
O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Gerenciador de Conexões Remotas do Servidor Host da Sessão da Área de.) -- C:\Windows\System32\termsrv.dll [543232]
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) -- C:\Windows\System32\wuaueng.dll [1933848]
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Serviço de transferência inteligente de plano de fundo.) -- C:\Windows\System32\qmgr.dll [589312]
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - DLL de serviços do Shell do Windows.) -- C:\Windows\System32\shsvcs.dll [328192]
O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Serviço que oferece conectividade IPv6 em uma rede IPv4..) -- C:\Windows\System32\iphlpsvc.dll [497152]
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - DLL de serviço de logon secundário.) -- C:\Windows\system32\seclogon.dll [21504]
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Serviço de Informações de Aplicativos.) -- C:\Windows\System32\appinfo.dll [46592]
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - Serviço de Descoberta iSCSI.) -- C:\Windows\System32\iscsiexe.dll [114688]
O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Serviço Agendador de Classes de Multimídia.) -- C:\Windows\System32\mmcss.dll [49664]
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Relatórios de Problemas e Soluções.) -- C:\Windows\System32\wercplsupport.dll [61440]
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Serviço Microsoft EAPHost.) -- C:\Windows\System32\eapsvc.dll [98304]
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\System32\profsvc.dll [162816]
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Serviço Agendador de Tarefas.) -- C:\Windows\System32\schedsvc.dll [749056]
O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Serviço de Gerenciamento de Chaves.) -- C:\Windows\System32\kmsvc.dll [71168]
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Serviço de Configuração da Área de Trabalho Remota.) -- C:\Windows\System32\sessenv.dll [99328]
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\System32\wbem\WMIsvc.dll [168960]
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - DLL de Serviço Pesquisador de Computadores.) -- C:\Windows\System32\browser.dll [102912]
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - DLL do Serviço de Tema do Shell do Windows.) -- C:\Windows\System32\themeservice.dll [37376]
O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - Serviço BDE.) -- C:\Windows\System32\bdesvc.dll [76800]
O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Serviço de instalação do software.) -- C:\Windows\System32\appmgmts.dll [149504]
~ Services: 33 Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.2055D75501CB8D51CE95A7A3A0F40CBE] [SPRF][23/04/2015] (...) -- C:\Users\Família\AppData\Roaming\unins000.dat [16743]
[MD5.6E0BB5B9C845CDC764B2998FE612F73E] [SPRF][06/10/2014] (.No owner - Setup/Uninstall.) -- C:\Users\Família\AppData\Roaming\unins000.exe [815314]
[MD5.BC849BA56CE71049C5B7234346F94CC0] [SPRF][24/01/2012] (...) -- C:\Users\Família\Desktop\AMCAP.exe [49152]
[MD5.30FADBA93E9430A63F19DA9935DE4369] [SPRF][23/07/2014] (.Gabest - Media Player Classic.) -- C:\Users\Família\Desktop\media-player-classic-6.9.4.1-en.exe [4411392]
[MD5.CF23C30CDFA3AAF1297801F4CED42876] [SPRF][07/02/2012] (.Autodesk, Inc. - Autodesk i-drop control.) -- C:\Windows\Downloaded Program Files\IDropENU.dll [116136]
[MD5.969D6CE3BF884C0958EEBA0A9177CD5B] [SPRF][27/02/2012] (.Autodesk, Inc. - Autodesk i-drop control.) -- C:\Windows\Downloaded Program Files\IDropPTB.dll [121456]
~ Files: 6 Scanned in 00mn 00s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{F21571B2-25A5-4F70-B6BB-1CA1F6B0BAC8}" | In - Private - P6 - TRUE | .(.Azureus Software, Inc - No Comment.) -- C:\Program Files\Vuze\Azureus.exe =>P2P.Azureus
O87 - FAEL: "{9CFF69E4-A20A-4606-A441-ED9FF80BDB11}" | In - Private - P17 - TRUE | .(.Azureus Software, Inc - No Comment.) -- C:\Program Files\Vuze\Azureus.exe =>P2P.Azureus
O87 - FAEL: "TCP Query User{36A56254-7139-42B5-A255-1906A21A81D4}C:\program files\vuze\azureus.exe" | In - Public - P6 - TRUE | .(.Azureus Software, Inc - No Comment.) -- C:\program files\vuze\azureus.exe =>P2P.Azureus
O87 - FAEL: "UDP Query User{6C2665EB-F355-4E1E-8349-DBB0FC905A9D}C:\program files\vuze\azureus.exe" | In - Public - P17 - TRUE | .(.Azureus Software, Inc - No Comment.) -- C:\program files\vuze\azureus.exe =>P2P.Azureus
O87 - FAEL: "{D8FF17CA-9823-4E6B-AE6D-34E2666DC888}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Família\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{7BEC05F1-4668-4D18-8C8E-0FB4452BB0CF}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Família\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 6 Scanned in 00mn 01s



---\\ Exportar as chaves do registo aleatórias (091)
[HKCU\Software\a578ddab13aef13\2.6.1339.144\upd]:="upd=1" =>Hijacker.Eazel
[HKCU\Software\a578ddab13aef13\2.6.1519.190\upd]:="upd=1" =>Hijacker.Eazel
[HKCU\Software\a578ddab13aef13\2.6.1673.238\upd]:="upd=1" =>Hijacker.Eazel
[HKCU\Software\a578ddab13aef13\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1125.80]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKCU\Software\a578ddab13aef13\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1125.80]:version="2.6.1125.80" =>Hijacker.Eazel
[HKCU\Software\a578ddab13aef13\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1249.132]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKCU\Software\a578ddab13aef13\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1249.132]:version="2.6.1249.132" =>Hijacker.Eazel
[HKCU\Software\a578ddab13aef13\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1339.144]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKCU\Software\a578ddab13aef13\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1339.144]:version="2.6.1339.144" =>Hijacker.Eazel
[HKCU\Software\a578ddab13aef13\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1519.190]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKCU\Software\a578ddab13aef13\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1519.190]:version="2.6.1519.190" =>Hijacker.Eazel
[HKCU\Software\a578ddab13aef13] =>PUP.Babylon^
[HKCU\Software\a578ddab13aef13]:version="2.6.1673.238" =>Hijacker.Eazel
[HKLM\Software\a578ddab13aef13]:version="2.6.1673.238" =>Hijacker.Eazel
~ Export Key Software: Scanned in 00mn 00s



---\\ Listagem dos dados da chave NameSpace (MNS) (O92)
O92 - MNS: Nero Scout - {3d6be802-fc0d-4595-a304-e611f97089dc}
~ MNS: 1 Scanned in 00mn 00s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\Azureus_RASAPI32 =>P2P.Azureus
HKLM\SOFTWARE\Microsoft\Tracing\Azureus_RASMANCS =>P2P.Azureus
HKLM\SOFTWARE\Microsoft\Tracing\FindLyrics_RASAPI32 =>Adware.AddLyrics
HKLM\SOFTWARE\Microsoft\Tracing\FindLyrics_RASMANCS =>Adware.AddLyrics
HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASAPI32 =>Adware.OpenCandy
HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASMANCS =>Adware.OpenCandy
HKLM\SOFTWARE\Microsoft\Tracing\Offercast2802_MYC__RASAPI32 =>Toolbar.Ask
HKLM\SOFTWARE\Microsoft\Tracing\Offercast2802_MYC__RASMANCS =>Toolbar.Ask
HKLM\SOFTWARE\Microsoft\Tracing\PCPerformer_RASAPI32 =>PUP.PerformerSoft
HKLM\SOFTWARE\Microsoft\Tracing\PCPerformer_RASMANCS =>PUP.PerformerSoft
HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_lightlogger_RASAPI32 =>Toolbar.Conduit
HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_lightlogger_RASMANCS =>Toolbar.Conduit
HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_revealer-keylogger_RASAPI32 =>Toolbar.Conduit
HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_revealer-keylogger_RASMANCS =>Toolbar.Conduit
HKLM\SOFTWARE\Microsoft\Tracing\startnow_RASAPI32 =>Adware.Zugo
HKLM\SOFTWARE\Microsoft\Tracing\startnow_RASMANCS =>Adware.Zugo
HKLM\SOFTWARE\Microsoft\Tracing\SupTab_v5_RASAPI32 =>PUP.SupTab
HKLM\SOFTWARE\Microsoft\Tracing\SupTab_v5_RASMANCS =>PUP.SupTab
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\vbmz_RASAPI32 =>PUP.Duuqu
HKLM\SOFTWARE\Microsoft\Tracing\vbmz_RASMANCS =>PUP.Duuqu
HKLM\SOFTWARE\Microsoft\Tracing\visualbee-bg_RASAPI32 =>Adware.VisualBeeToolbar
HKLM\SOFTWARE\Microsoft\Tracing\visualbee-bg_RASMANCS =>Adware.VisualBeeToolbar
HKLM\SOFTWARE\Microsoft\Tracing\VisualBee-chromeinstaller_RASAPI32 =>Adware.VisualBeeToolbar
HKLM\SOFTWARE\Microsoft\Tracing\VisualBee-chromeinstaller_RASMANCS =>Adware.VisualBeeToolbar
HKLM\SOFTWARE\Microsoft\Tracing\VisualBee-codedownloader_RASAPI32 =>Adware.VisualBeeToolbar
HKLM\SOFTWARE\Microsoft\Tracing\VisualBee-codedownloader_RASMANCS =>Adware.VisualBeeToolbar
HKLM\SOFTWARE\Microsoft\Tracing\VisualBee-enabler_RASAPI32 =>Adware.VisualBeeToolbar
HKLM\SOFTWARE\Microsoft\Tracing\VisualBee-enabler_RASMANCS =>Adware.VisualBeeToolbar
HKLM\SOFTWARE\Microsoft\Tracing\VisualBee-firefoxinstaller_RASAPI32 =>Adware.VisualBeeToolbar
HKLM\SOFTWARE\Microsoft\Tracing\VisualBee-firefoxinstaller_RASMANCS =>Adware.VisualBeeToolbar
HKLM\SOFTWARE\Microsoft\Tracing\VisualBee-updater_RASAPI32 =>Adware.VisualBeeToolbar
HKLM\SOFTWARE\Microsoft\Tracing\VisualBee-updater_RASMANCS =>Adware.VisualBeeToolbar
HKLM\SOFTWARE\Microsoft\Tracing\wpm_v20_RASAPI32 =>PUP.WpManager
HKLM\SOFTWARE\Microsoft\Tracing\wpm_v20_RASMANCS =>PUP.WpManager
HKLM\SOFTWARE\Microsoft\Tracing\yontoo-C4-1BF8_RASAPI32 =>Adware.Yontoo
HKLM\SOFTWARE\Microsoft\Tracing\yontoo-C4-1BF8_RASMANCS =>Adware.Yontoo
HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASAPI32 =>Adware.Yontoo
HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASMANCS =>Adware.Yontoo
~ BTK: 528 Scanned in 00mn 00s



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{11111111-1111-1111-1111-110311391106}] (VisualBee) =>Adware.VisualBeeToolbar
[HKCR\CLSID\{206DAA08-0036-11D5-80D8-0050DA5F08E3}] (Groove WebBrowserView2) =>PUP.CrossRider
[HKCR\CLSID\{22222222-2222-2222-2222-220322392206}] (CrossriderApp0033906.Sandbox) =>PUP.CrossRider
[HKCR\CLSID\{944FEDFD-C4FD-441D-8275-9C651A9FFBDE}] (Smiley Bar for Facebook) =>Adware.SmileyBar
[HKCR\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}] (Vuze Remote Toolbar) =>P2P.Azureus
[HKCR\CLSID\{E30ED111-BD63-48C2-A6CB-AB3C9FFFB07C}] (Vuze Remote API Server) =>P2P.Azureus
~ BCK: 8061 Scanned in 00mn 15s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 22/06/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 26/05/2012 1044816 | (FLEXnet Licensing Service) . (.Flexera Software, Inc..) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Auto 26/10/2014 107912 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 26/10/2014 107912 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 04/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SS - | Demand 15/04/2015 148080 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 09/10/2006 724992 | (NBService) . (.Nero AG.) - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Demand 29/12/2011 4111704 | (npggsvc) . (.INCA Internet Co., Ltd..) - C:\Windows\system32\GameMon.des
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Demand 22/07/1658 0 | (WinRing0_1_2_0) . (...) - C:\Users\Família\AppData\Local\Temp\tmp3EFA.tmp
SR - | Auto 08/05/2014 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 03/12/2012 2571704 | (CodeMeter.exe) . (.WIBU-SYSTEMS AG.) - C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
SR - | Auto 21/07/2014 546104 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files\GbPlugin\GbpSv.exe
SR - | Auto 13/10/2009 354840 | (IAANTMON) . (.Intel Corporation.) - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
SR - | Auto 19/04/2015 158816 | (IHProtect Service) . (.XTab system.) - C:\Program Files\XTab\ProtectService.exe =>Adware.AgentODR
SR - | Auto 30/04/2015 22216 | (MsMpSvc) . (.Microsoft Corporation.) - C:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 16/06/2014 144472 | (MyLocalService) . (...) - C:\Windows\system32\MyLocalServer\myservice.exe
SR - | Auto 05/01/2013 91664 | (NTServiceSystem) . (...) - C:\Windows\system32\NTServer\service.exe
SR - | Auto 27/03/2014 581568 | (ogmservice) . (.RealNetworks, Inc..) - C:\Program Files\Online Games Manager\ogmservice.exe
SR - | Auto 05/10/2011 32672 | (OrolixDeviceMonitor) . (.Orolix Desenvolvimento de Software LTDA..) - C:\Program Files\TIM Communicator\module\devicemon.exe
SR - | Auto 23/04/2015 531968 | (WindowsMangerProtect) . (.SysTool PasSame LIMITED.) - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe =>PUP.Fuyu
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 17s



---\\ Pesquisa de infeção no Registo Mestre de Inicialização (MBR) (080)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Família at 26/05/2015 23:09:59
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
C:\Windows\system32\DRIVERS\iaStor.sys Intel Corporation Intel Matrix Storage Manager driver
1 ntkrnlpa!IofCallDriver[0x83A52718] >> \Device\Harddisk0\DR0[0x87BB9948]
3 CLASSPNP[0x8C5A659E] >> ntkrnlpa!IofCallDriver[0x83A52718] >> \Device\Ide\IAAStorageDevice-1[0x870C6028]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 13 Scanned in 00mn 02s



---\\ Pesquisa de infeção no Registo Mestre de Inicialização (MBRCheck) (080)
Written by ad13, http://ad13.geekstog
Run by Família at 26/05/2015 23:10:01
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



---\\ Scâner Aditional (088)
Database Version : 13008 - (25/05/2015)
Clés trouvées (Keys found) : 90
Valeurs trouvées (Values found) : 3
Dossiers trouvés (Folders found) : 31
Fichiers trouvés (Files found) : 43

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311391106}] =>PUP.CrossRider^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}] =>PUP.SupTab^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{944FEDFD-C4FD-441D-8275-9C651A9FFBDE}] =>Adware.SmileyBar^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA14329E-9550-4989-B3F2-9732E92D17CC}] =>Toolbar.Conduit^
[HKLM\SYSTEM\CurrentControlSet\Services\IHProtect Service] =>Adware.AgentODR^
[HKLM\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect] =>PUP.Fuyu^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player] =>Adware.MegaSearch^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Smiley Bar for Facebook] =>Adware.SmileyBar^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\VisualBee] =>Adware.VisualBeeToolbar^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\VisualBee for Microsoft PowerPoint] =>Adware.VisualBeeToolbar^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\8461-7759-5462-8226] =>P2P.Azureus^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vuze_Remote Toolbar] =>P2P.Azureus^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect] =>PUP.Fuyu^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent] =>P2P.BitTorrent^
[HKLM\Software\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}] =>Adware.iWinArcade
[HKLM\Software\Classes\AppID\{5B1881D1-D9C7-46df-B041-1E593282C7D0}] =>Adware.BullseyeToolbar
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}] =>Adware.SocialSkinz
[HKLM\Software\Classes\CLSID\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}] =>Adware.Yontoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ba14329e-9550-4989-b3f2-9732e92d17cc}] =>PUP.Conduit
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ba14329e-9550-4989-b3f2-9732e92d17cc}] =>PUP.Conduit
[HKLM\Software\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}] =>PUP.Conduit
[HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper
[HKLM\Software\Classes\Prod.cap] =>PUP.ClaroSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E30ED111-BD63-48C2-A6CB-AB3C9FFFB07C}] =>PUP.Conduit
[HKLM\Software\Classes\CLSID\{E30ED111-BD63-48C2-A6CB-AB3C9FFFB07C}] =>PUP.Conduit
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E30ED111-BD63-48C2-A6CB-AB3C9FFFB07C}] =>PUP.Conduit
[HKLM\Software\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}] =>Adware.Adkubru
[HKCU\Software\1ClickDownload] =>PUP.1ClickDownloader
[HKCU\Software\APN PIP] =>Toolbar.Ask
[HKCU\Software\BabylonToolbar] =>PUP.Babylon
[HKCU\Software\AppDataLow\Software\ConduitSearchScopes] =>PUP.Conduit
[HKCU\Software\DataMngr] =>Adware.Bandoo
[HKLM\Software\DataMngr] =>Adware.Bandoo
[HKLM\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\PIP] =>Toolbar.Ask
[HKCU\Software\AppDataLow\Software\PriceGong] =>Adware.PriceGong
[HKCU\Software\Softonic] =>PUP.Conduit
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\Tarma Installer] =>PUP.Tarma
[HKCU\Software\AppDataLow\Toolbar] =>PUP.Conduit
[HKCU\Software\Zugo] =>Adware.Zugo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP] =>Adware.IMBooster
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect] =>PUP.Conduit
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect] =>PUP.Conduit
[HKLM\Software\VBMZ] =>PUP.Conduit
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings] =>PUP.BProtector
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{944FEDFD-C4FD-441D-8275-9C651A9FFBDE}] =>Adware.SmileyBar
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{944FEDFD-C4FD-441D-8275-9C651A9FFBDE}] =>Adware.SmileyBar
[HKLM\Software\Classes\CLSID\{944FEDFD-C4FD-441D-8275-9C651A9FFBDE}] =>Adware.SmileyBar
[HKLM\Software\Classes\ScriptHost.Tool.1] =>Toolbar.Agent
[HKLM\Software\Classes\ScriptHost.Tool] =>Toolbar.Agent
[HKLM\Software\Classes\AppID\{562B9316-C08A-444A-9482-62080DD851AE}] =>Toolbar.Freecorder
[HKLM\Software\Classes\AppID\AddonsFramework.DLL] =>Toolbar.Freecorder
[HKLM\Software\Classes\AppID\ButtonSite.DLL] =>Toolbar.Freecorder
[HKLM\Software\Classes\AppID\PropertySync.EXE] =>Toolbar.Freecorder
[HKLM\Software\Classes\AppID\ScriptHost.DLL] =>Toolbar.Freecorder
[HKLM\Software\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}] =>Toolbar.Freecorder
[HKLM\Software\Classes\AppID\{19975B78-1907-4DD6-A437-4C48120F46A4}] =>Toolbar.Freecorder
[HKLM\Software\Classes\AppID\{562B9317-C08A-444A-9482-62080DD851AE}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{93CF54F5-CFAA-4440-B588-8ED0DFAD5C21}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{D3BC53E7-0437-4C97-90EE-2CD6FF47FB14}] =>Toolbar.Freecorder
[HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider
[HKCU\Software\InstalledBrowserExtensions\] =>PUP.CrossRider
[HKCU\Software\AppDataLow\Software\findlyrics] =>Adware.AddLyrics
[HKLM\Software\Google\Chrome\Extensions\jmhhdaimhfblnamlcdijbaakkifakade] =>Adware.AddLyrics
[HKCU\Software\BI] =>Adware.MegaSearch
[HKLM\Software\delta-homesSoftware] =>Toolbar.DeltaSearch
[HKCU\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0033906.BHO] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0033906.BHO.1] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0033906.Sandbox] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0033906.Sandbox.1] =>PUP.CrossRider
[HKLM\Software\Classes\Toolbar.CT2504091] =>Toolbar.Conduit
[HKLM\Software\Classes\CLSID\{11111111-1111-1111-1111-110311391106}] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220322392206}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar] =>Adware.IMBooster
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar] =>Adware.IMBooster
[HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]:{ba14329e-9550-4989-b3f2-9732e92d17cc} =>P2P.Azureus^
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{ba14329e-9550-4989-b3f2-9732e92d17cc} =>Toolbar.Conduit^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent =>P2P.BitTorrent^
C:\Program Files\File Scout =>PUP.FileScout^
C:\Program Files\Smiley Bar for Facebook =>Adware.SmileyBar^
C:\Program Files\SupTab =>PUP.SupTab^
C:\Program Files\VisualBee =>Adware.VisualBeeToolbar^
C:\Program Files\Vuze =>P2P.Azureus^
C:\Program Files\Vuze_Remote =>P2P.Azureus^
C:\ProgramData\Babylon =>PUP.Babylon^
C:\ProgramData\IBUpdaterService =>Adware.InstallBrain^
C:\ProgramData\IePluginServices =>PUP.IePluginService^
C:\ProgramData\IHProtectUpDate =>Adware.AgentODR^
C:\ProgramData\PMB Files =>P2P.Pando^
C:\ProgramData\rkfree =>Keylogger.Logixoft^
C:\ProgramData\Tarma Installer =>PUP.Tarma^
C:\ProgramData\Trymedia =>Adware.Trymedia^
C:\ProgramData\VisualBee =>Adware.VisualBeeToolbar^
C:\ProgramData\WindowsMangerProtect =>PUP.Fuyu^
C:\Users\Família\AppData\Roaming\Azureus =>P2P.Azureus^
C:\Users\Família\AppData\Roaming\Babylon =>PUP.Babylon^
C:\Users\Família\AppData\Roaming\OpenCandy =>Adware.OpenCandy^
C:\Users\Família\AppData\Roaming\PerformerSoft =>PUP.PerformerSoft^
C:\Users\Família\AppData\Roaming\StatusWinks =>Toolbar.StatusWinks^
C:\Users\Família\AppData\Roaming\uTorrent =>P2P.µTorrent^
C:\Users\Família\AppData\Local\PMB Files =>P2P.Pando^
C:\Users\Família\AppData\Local\VisualBeeClient =>Adware.VisualBeeToolbar^
C:\Users\Família\AppData\Local\VisualBeeExe =>Adware.VisualBeeToolbar^
C:\Users\Família\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard =>PUP.BitGuard^
C:\Program Files\Conduit =>PUP.Conduit
C:\Users\Família\AppData\Local\Conduit =>PUP.Conduit
C:\Users\Família\AppData\LocalLow\Conduit =>PUP.Conduit
C:\Users\Família\AppData\LocalLow\PriceGong =>Adware.PriceGong
C:\Users\Família\AppData\LocalLow\Vuze_Remote =>PUP.Conduit
C:\Program Files\VisualBee\VisualBee-codedownloader.exe =>Adware.VisualBeeToolbar^
C:\Program Files\VisualBee\VisualBee-firefoxinstaller.exe =>Adware.VisualBeeToolbar^
C:\Program Files\VisualBee\VisualBee-updater.exe =>Adware.VisualBeeToolbar^
C:\Windows\Tasks\VisualBee-codedownloader.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\VisualBee-codedownloader =>PUP.CrossRider^
C:\Windows\Tasks\VisualBee-firefoxinstaller.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\VisualBee-firefoxinstaller =>PUP.CrossRider^
C:\Windows\Tasks\VisualBee-updater.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\VisualBee-updater =>PUP.CrossRider^
[HKCU\Software\AppDataLow\Software\Conduit] =>Toolbar.Conduit^
[HKCU\Software\AppDataLow\Software\Smartbar] =>Hijacker.SmartBar^
[HKCU\Software\AppDataLow\Software\VisualBee] =>Adware.VisualBeeToolbar^
[HKCU\Software\AppDataLow\Software\Vuze_Remote] =>P2P.Azureus^
[HKCU\Software\Azureus] =>P2P.Azureus^
[HKCU\Software\BabSolution] =>Hijacker.BabSolution^
[HKCU\Software\BitTorrent] =>P2P.BitTorrent^
[HKCU\Software\Conduit] =>Toolbar.Conduit^
[HKCU\Software\FileScout] =>PUP.FileScout^
[HKCU\Software\SimplyTech] =>PUP.SimplyTech^
[HKCU\Software\TNT2] =>Adware.TidyNetwork^
[HKCU\Software\Visualbee] =>Adware.VisualBeeToolbar^
[HKLM\Software\Azureus] =>P2P.Azureus^
[HKLM\Software\Babylon] =>PUP.Babylon^
[HKLM\Software\Conduit] =>Toolbar.Conduit^
[HKLM\Software\IHProtect] =>Adware.AgentODR^
[HKLM\Software\SupDp] =>PUP.SupTab^
[HKLM\Software\Trymedia Systems] =>Adware.Trymedia^
[HKLM\Software\Visualbee] =>Adware.VisualBeeToolbar^
[HKLM\Software\Vuze_Remote] =>P2P.Azureus^
[HKLM\Software\omiga-plusSoftware] =>Hijacker.OmigaPlus^
[HKLM\Software\supTab] =>PUP.SupTab^
[HKLM\Software\supWindowsMangerProtect] =>PUP.Fuyu^
[HKCU\Software\a578ddab13aef13\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1125.80]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel^
[HKCU\Software\a578ddab13aef13\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1249.132]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel^
[HKCU\Software\a578ddab13aef13\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1339.144]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel^
[HKCU\Software\a578ddab13aef13\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1519.190]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel^
[HKCU\Software\a578ddab13aef13] =>PUP.Babylon^^
[HKCR\CLSID\{11111111-1111-1111-1111-110311391106}] (VisualBee) =>Adware.VisualBeeToolbar^
[HKCR\CLSID\{206DAA08-0036-11D5-80D8-0050DA5F08E3}] (Groove WebBrowserView2) =>PUP.CrossRider^
[HKCR\CLSID\{22222222-2222-2222-2222-220322392206}] (CrossriderApp0033906.Sandbox) =>PUP.CrossRider^
[HKCR\CLSID\{944FEDFD-C4FD-441D-8275-9C651A9FFBDE}] (Smiley Bar for Facebook) =>Adware.SmileyBar^
[HKCR\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}] (Vuze Remote Toolbar) =>P2P.Azureus^
[HKCR\CLSID\{E30ED111-BD63-48C2-A6CB-AB3C9FFFB07C}] (Vuze Remote API Server) =>P2P.Azureus^
~ Additionnel Scan: 300864 Items scanned in 00mn 19s



---\\ Informações complémentaires do módulos
~ http://nicolascoolman.fr/g2-google-chrome-extensions/ =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Gestão do Proxy (R5)
~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects do navegador (02)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Barras do Internet Explorer (03))
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Aplicações iniciadas por registo & pastas (04)
~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Chave do registo Shell MountPoints2 (MPSK) (O51)
~ AMI: 6 Scanned in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
http://nicolascoolman.fr/adware-smileybar =>Adware.SmileyBar
http://nicolascoolman.fr/hijacker-omigaplus =>Hijacker.OmigaPlus
http://nicolascoolman.fr/pup-crossrider =>PUP.CrossRider
http://nicolascoolman.fr/pup-suptab =>PUP.SupTab
http://nicolascoolman.fr/toolbar-conduit =>Toolbar.Conduit
http://www.nicolascoolman.fr/blog/ =>Adware.AgentODR
http://www.nicolascoolman.fr/blog/ =>PUP.Fuyu
http://nicolascoolman.fr/pup-dealply =>PUP.DealPly
http://nicolascoolman.fr/adware-visualbeetoolbar =>Adware.VisualBeeToolbar
http://nicolascoolman.fr/keylogger-logixoft =>Keylogger.Logixoft
http://nicolascoolman.fr/adware-megasearch =>Adware.MegaSearch
http://nicolascoolman.fr/adware-pricegong =>Adware.PriceGong
http://nicolascoolman.fr/hijacker-smartbar =>Hijacker.SmartBar
http://nicolascoolman.fr/adware-addlyrics =>Adware.AddLyrics
http://nicolascoolman.fr/hijacker-babsolution =>Hijacker.BabSolution
http://nicolascoolman.fr/pup-babylon =>PUP.Babylon
http://nicolascoolman.fr/pup-datamngr =>PUP.Datamngr
http://nicolascoolman.fr/pup-filescout =>PUP.FileScout
http://nicolascoolman.fr/adware-installcore =>Adware.InstallCore
http://www.nicolascoolman.fr/blog/ =>PUP.BrowserExtensions
http://www.nicolascoolman.fr/blog/ =>PUP.SimplyTech
http://nicolascoolman.fr/pup-sweetim =>PUP.SweetIM
http://nicolascoolman.fr/adware-tidynetwork =>Adware.TidyNetwork
http://nicolascoolman.fr/adware-zugo =>Adware.Zugo
http://nicolascoolman.fr/hijacker-eazel =>Hijacker.Eazel
http://nicolascoolman.fr/adware-imbooster =>Adware.IMBooster
http://nicolascoolman.fr/pup-tarma =>PUP.Tarma
http://nicolascoolman.fr/adware-trymedia =>Adware.Trymedia
http://nicolascoolman.fr/pup-duuqu =>PUP.Duuqu
http://www.nicolascoolman.fr/blog/ =>Hijacker.DeltaHomes
http://nicolascoolman.fr/adware-installbrain =>Adware.InstallBrain
http://www.nicolascoolman.fr/blog/ =>PUP.IePluginService
http://nicolascoolman.fr/adware-opencandy =>Adware.OpenCandy
http://www.nicolascoolman.fr/blog/ =>PUP.PerformerSoft
http://www.nicolascoolman.fr/blog/ =>Toolbar.StatusWinks
http://nicolascoolman.fr/pup-bitguard =>PUP.BitGuard
http://nicolascoolman.fr/pup-dosearches =>PUP.DoSearches
http://nicolascoolman.fr/toolbar-ask =>Toolbar.Ask
http://nicolascoolman.fr/pup-wpmanager =>PUP.WpManager
http://nicolascoolman.fr/adware-yontoo =>Adware.Yontoo
http://nicolascoolman.fr/adware-iwinarcade =>Adware.iWinArcade
http://nicolascoolman.fr/adware-bullseyetoolbar =>Adware.BullseyeToolbar
http://nicolascoolman.fr/adware-socialskinz =>Adware.SocialSkinz
http://www.nicolascoolman.fr/blog/ =>PUP.Conduit
http://www.nicolascoolman.fr/blog/ =>Adware.CDNHelper
http://nicolascoolman.fr/pup-clarosearch =>PUP.ClaroSearch
http://www.nicolascoolman.fr/blog/ =>Adware.Adkubru
http://nicolascoolman.fr/pup-1clickdownloader =>PUP.1ClickDownloader
http://nicolascoolman.fr/adware-bandoo =>Adware.Bandoo
http://nicolascoolman.fr/pup-bprotector =>PUP.BProtector
http://www.nicolascoolman.fr/blog/ =>Toolbar.Agent
http://www.nicolascoolman.fr/blog/ =>Toolbar.Freecorder
http://nicolascoolman.fr/toolbar-deltasearch =>Toolbar.DeltaSearch
~ MSI: 53 link(s) detected in 00mn 00s



End of the scan (1868 lines in 02mn 36s)(0.6)
